All the vulnerabilites related to netapp - element_software
cve-2017-10115
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "99774", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99774" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10115", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:48.371666Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:02:31.369Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "99774", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99774" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "99774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99774" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10115", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:02:31.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1678
Vulnerability from cvelistv5
Published
2022-05-25 14:49
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.openanolis.cn/show_bug.cgi?id=61 | x_refsource_CONFIRM | |
https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/ | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a | x_refsource_MISC | |
https://gitee.com/anolis/cloud-kernel/commit/bed537da691b | x_refsource_MISC | |
https://anas.openanolis.cn/cves/detail/CVE-2022-1678 | x_refsource_MISC | |
https://anas.openanolis.cn/errata/detail/ANSA-2022:0143 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220715-0001/ | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "4.18", "versionType": "custom" }, { "lessThanOrEqual": "4.19", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-911", "description": "CWE-911 Improper Update of Reference Count", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-15T15:06:58", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678" }, { "tags": [ "x_refsource_MISC" ], "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@openanolis.org", "ID": "CVE-2022-1678", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "4.18" }, { "version_affected": "\u003c=", "version_value": "4.19" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-911 Improper Update of Reference Count" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", "refsource": "CONFIRM", "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61" }, { "name": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/", "refsource": "MISC", "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/" }, { "name": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a" }, { "name": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", "refsource": "MISC", "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b" }, { "name": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", "refsource": "MISC", "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678" }, { "name": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", "refsource": "MISC", "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143" }, { "name": "https://security.netapp.com/advisory/ntap-20220715-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-1678", "datePublished": "2022-05-25T14:49:30", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T00:10:03.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7183
Vulnerability from cvelistv5
Published
2018-03-08 20:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201805-12 | vendor-advisory, x_refsource_GENTOO | |
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc | vendor-advisory, x_refsource_FREEBSD | |
https://usn.ubuntu.com/3707-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3707-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/103351 | vdb-entry, x_refsource_BID | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20180626-0001/ | x_refsource_CONFIRM | |
http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S | x_refsource_CONFIRM | |
https://www.synology.com/support/security/Synology_SA_18_13 | x_refsource_CONFIRM | |
http://support.ntp.org/bin/view/Main/NtpBug3414 | x_refsource_CONFIRM | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:11.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201805-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "name": "FreeBSD-SA-18:02", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "name": "USN-3707-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3707-2/" }, { "name": "USN-3707-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "name": "103351", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103351" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3414" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:53:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201805-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "name": "FreeBSD-SA-18:02", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "name": "USN-3707-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3707-2/" }, { "name": "USN-3707-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "name": "103351", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103351" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3414" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7183", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201805-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201805-12" }, { "name": "FreeBSD-SA-18:02", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "name": "USN-3707-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3707-2/" }, { "name": "USN-3707-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3707-1/" }, { "name": "103351", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103351" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20180626-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_13", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "http://support.ntp.org/bin/view/Main/NtpBug3414", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug3414" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7183", "datePublished": "2018-03-08T20:00:00", "dateReserved": "2018-02-16T00:00:00", "dateUpdated": "2024-08-05T06:24:11.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10349
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101348", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101348" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10349", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:25.233557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:49:11.928Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101348", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101348" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101348" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10349", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:49:11.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3140
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 04:10
Severity ?
EPSS score ?
Summary
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1038692 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201708-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/99088 | vdb-entry, x_refsource_BID | |
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20180926-0001/ | x_refsource_CONFIRM | |
https://kb.isc.org/docs/aa-01495 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038692", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038692" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "99088", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99088" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01495" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND 9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention." } ], "datePublic": "2017-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "A server is potentially vulnerable to degradation of service if\n\n the server is configured to use RPZ,\n the server uses NSDNAME or NSIP policy rules, and\n an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation. It is for this reason that the decision was made to issue this advisory despite its low CVSS score.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "1038692", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038692" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "99088", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99088" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01495" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2" } ], "source": { "discovery": "UNKNOWN" }, "title": "An error processing RPZ rules can cause named to loop endlessly after handling a query", "workarounds": [ { "lang": "en", "value": "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur. You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2017-06-14T00:00:00.000Z", "ID": "CVE-2017-3140", "STATE": "PUBLIC", "TITLE": "An error processing RPZ rules can cause named to loop endlessly after handling a query" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIND 9", "version": { "version_data": [ { "version_value": "9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A server is potentially vulnerable to degradation of service if\n\n the server is configured to use RPZ,\n the server uses NSDNAME or NSIP policy rules, and\n an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation. It is for this reason that the decision was made to issue this advisory despite its low CVSS score." } ] } ] }, "references": { "reference_data": [ { "name": "1038692", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038692" }, { "name": "GLSA-201708-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "99088", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99088" }, { "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us" }, { "name": "https://security.netapp.com/advisory/ntap-20180926-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" }, { "name": "https://kb.isc.org/docs/aa-01495", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01495" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2" } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur. You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3140", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-17T04:10:30.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12770
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lkml.org/lkml/2020/4/13/870" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee" }, { "name": "FEDORA-2020-4c69987c40", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/" }, { "name": "FEDORA-2020-c6b9fff7f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/" }, { "name": "FEDORA-2020-5a69decc0c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "USN-4413-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4411-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "name": "USN-4412-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "name": "USN-4414-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4414-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T18:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lkml.org/lkml/2020/4/13/870" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee" }, { "name": "FEDORA-2020-4c69987c40", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/" }, { "name": "FEDORA-2020-c6b9fff7f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/" }, { "name": "FEDORA-2020-5a69decc0c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "USN-4413-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4411-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "name": "USN-4412-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "name": "USN-4414-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4414-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lkml.org/lkml/2020/4/13/870", "refsource": "CONFIRM", "url": "https://lkml.org/lkml/2020/4/13/870" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee" }, { "name": "FEDORA-2020-4c69987c40", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/" }, { "name": "FEDORA-2020-c6b9fff7f8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/" }, { "name": "FEDORA-2020-5a69decc0c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "USN-4413-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4411-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4411-1/" }, { "name": "USN-4412-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4412-1/" }, { "name": "USN-4419-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4419-1/" }, { "name": "USN-4414-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4414-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12770", "datePublished": "2020-05-09T20:16:36", "dateReserved": "2020-05-09T00:00:00", "dateUpdated": "2024-08-04T12:04:22.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13143
Vulnerability from cvelistv5
Published
2020-05-18 17:50
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:19.057Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.spinics.net/lists/linux-usb/msg194331.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "USN-4413-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4411-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "name": "USN-4412-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "name": "USN-4414-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4414-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-04T22:50:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.spinics.net/lists/linux-usb/msg194331.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "USN-4413-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4411-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "name": "USN-4412-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "name": "USN-4414-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4414-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13143", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f" }, { "name": "https://www.spinics.net/lists/linux-usb/msg194331.html", "refsource": "MISC", "url": "https://www.spinics.net/lists/linux-usb/msg194331.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "DSA-4699", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4699" }, { "name": "openSUSE-SU-2020:0801", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "openSUSE-SU-2020:0935", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "USN-4413-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4413-1/" }, { "name": "USN-4411-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4411-1/" }, { "name": "USN-4412-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4412-1/" }, { "name": "USN-4419-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4419-1/" }, { "name": "USN-4414-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4414-1/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13143", "datePublished": "2020-05-18T17:50:53", "dateReserved": "2020-05-18T00:00:00", "dateUpdated": "2024-08-04T12:11:19.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10285
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:55
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:17.121Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "101319", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101319" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10285", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:01.592681Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:55:14.846Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "101319", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101319" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10285", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "101319", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101319" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10285", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:55:14.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38203
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-02T08:06:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "name": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947" }, { "name": "https://security.netapp.com/advisory/ntap-20210902-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38203", "datePublished": "2021-08-08T19:25:31", "dateReserved": "2021-08-08T00:00:00", "dateUpdated": "2024-08-04T01:37:16.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45061
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:01:31.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/python/cpython/issues/98433" }, { "name": "FEDORA-2022-45d2cfdfa4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/" }, { "name": "FEDORA-2022-3e859b6bc6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/" }, { "name": "FEDORA-2022-e1ce71ff40", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/" }, { "name": "FEDORA-2022-fdb2739feb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0007/" }, { "name": "FEDORA-2022-6f4e6120d7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/" }, { "name": "FEDORA-2022-e6d0495206", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/" }, { "name": "FEDORA-2022-6d51289820", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/" }, { "name": "FEDORA-2022-50deb53896", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/" }, { "name": "FEDORA-2022-93c6916349", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/" }, { "name": "FEDORA-2022-18b234c18b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" }, { "name": "FEDORA-2022-de755fd092", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/" }, { "name": "FEDORA-2022-fd3771db30", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" }, { "name": "FEDORA-2022-6b8b96f883", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/" }, { "name": "FEDORA-2022-3d7e44dbd5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/" }, { "name": "FEDORA-2022-b2f06fbb62", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" }, { "name": "FEDORA-2022-6ba889e0e3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/" }, { "name": "FEDORA-2022-dbb811d203", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/" }, { "name": "FEDORA-2022-e699dd5247", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/" }, { "name": "FEDORA-2022-fbf6a320fe", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/" }, { "name": "FEDORA-2022-bcf089dd07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/" }, { "name": "FEDORA-2023-a990c93ed0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/" }, { "name": "FEDORA-2023-78b4ce2f23", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/" }, { "name": "FEDORA-2023-af5206f71d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "name": "FEDORA-2023-943556a733", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/" }, { "name": "FEDORA-2023-097dd40685", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "name": "FEDORA-2023-f1381c83af", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/" }, { "name": "GLSA-202305-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "name": "FEDORA-2023-129178fd27", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/" }, { "name": "FEDORA-2023-c43a940a93", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/" }, { "name": "FEDORA-2023-5460cf6dfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T21:07:33.878146", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/python/cpython/issues/98433" }, { "name": "FEDORA-2022-45d2cfdfa4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/" }, { "name": "FEDORA-2022-3e859b6bc6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/" }, { "name": "FEDORA-2022-e1ce71ff40", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/" }, { "name": "FEDORA-2022-fdb2739feb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0007/" }, { "name": "FEDORA-2022-6f4e6120d7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/" }, { "name": "FEDORA-2022-e6d0495206", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/" }, { "name": "FEDORA-2022-6d51289820", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/" }, { "name": "FEDORA-2022-50deb53896", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/" }, { "name": "FEDORA-2022-93c6916349", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/" }, { "name": "FEDORA-2022-18b234c18b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" }, { "name": "FEDORA-2022-de755fd092", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/" }, { "name": "FEDORA-2022-fd3771db30", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" }, { "name": "FEDORA-2022-6b8b96f883", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/" }, { "name": "FEDORA-2022-3d7e44dbd5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/" }, { "name": "FEDORA-2022-b2f06fbb62", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" }, { "name": "FEDORA-2022-6ba889e0e3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/" }, { "name": "FEDORA-2022-dbb811d203", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/" }, { "name": "FEDORA-2022-e699dd5247", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/" }, { "name": "FEDORA-2022-fbf6a320fe", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/" }, { "name": "FEDORA-2022-bcf089dd07", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/" }, { "name": "FEDORA-2023-a990c93ed0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/" }, { "name": "FEDORA-2023-78b4ce2f23", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/" }, { "name": "FEDORA-2023-af5206f71d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "name": "FEDORA-2023-943556a733", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/" }, { "name": "FEDORA-2023-097dd40685", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "name": "FEDORA-2023-f1381c83af", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/" }, { "name": "GLSA-202305-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "name": "FEDORA-2023-129178fd27", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/" }, { "name": "FEDORA-2023-c43a940a93", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/" }, { "name": "FEDORA-2023-5460cf6dfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45061", "datePublished": "2022-11-09T00:00:00", "dateReserved": "2022-11-09T00:00:00", "dateUpdated": "2024-08-03T14:01:31.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35252
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.85.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1613943" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213603" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in curl 7.85.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-28T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1613943" }, { "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://support.apple.com/kb/HT213603" }, { "url": "https://support.apple.com/kb/HT213604" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-35252", "datePublished": "2022-09-23T00:00:00", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2024-08-03T09:29:17.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10293
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:54
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:3047 | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:3046 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1039596 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201710-31 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/101338 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20171019-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:2999 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:17.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101338" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10293", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:45:35.807984Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:54:48.511Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-14T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101338" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101338" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10293", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:54:48.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32206
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1570651" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1570651" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32206", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0201
Vulnerability from cvelistv5
Published
2019-05-23 13:42
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache ZooKeeper |
Version: 1.0.0 to 3.4.13 Version: 3.5.0-alpha to 3.5.4-beta |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:14.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "108427", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108427" }, { "name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html" }, { "name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E" }, { "name": "DSA-4461", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4461" }, { "name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jun/13" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "name": "RHSA-2019:3140", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "name": "RHSA-2019:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "name": "RHSA-2019:4352", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190619-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache ZooKeeper", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0 to 3.4.13" }, { "status": "affected", "version": "3.5.0-alpha to 3.5.4-beta" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-16T12:06:09", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "108427", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108427" }, { "name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html" }, { "name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E" }, { "name": "DSA-4461", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4461" }, { "name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jun/13" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "name": "RHSA-2019:3140", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "name": "RHSA-2019:3892", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "name": "RHSA-2019:4352", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190619-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2019-0201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache ZooKeeper", "version": { "version_data": [ { "version_value": "1.0.0 to 3.4.13" }, { "version_value": "3.5.0-alpha to 3.5.4-beta" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "108427", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108427" }, { "name": "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html" }, { "name": "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E" }, { "name": "DSA-4461", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4461" }, { "name": "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jun/13" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "RHSA-2019:3140", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "name": "RHSA-2019:3892", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "name": "RHSA-2019:4352", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392" }, { "name": "https://zookeeper.apache.org/security.html#CVE-2019-0201", "refsource": "CONFIRM", "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201" }, { "name": "https://security.netapp.com/advisory/ntap-20190619-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190619-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-0201", "datePublished": "2019-05-23T13:42:47", "dateReserved": "2018-11-14T00:00:00", "dateUpdated": "2024-08-04T17:44:14.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6485
Vulnerability from cvelistv5
Published
2018-02-01 14:00
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
References
▼ | URL | Tags |
---|---|---|
https://sourceware.org/bugzilla/show_bug.cgi?id=22343 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102912 | vdb-entry, x_refsource_BID | |
http://bugs.debian.org/878159 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:3092 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20190404-0003/ | x_refsource_CONFIRM | |
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | x_refsource_MISC | |
https://access.redhat.com/errata/RHBA-2019:0327 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/4218-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4416-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:01:49.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" }, { "name": "102912", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102912" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/878159" }, { "name": "RHSA-2018:3092", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3092" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190404-0003/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "USN-4218-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4218-1/" }, { "name": "USN-4416-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4416-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-09T19:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" }, { "name": "102912", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102912" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/878159" }, { "name": "RHSA-2018:3092", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3092" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190404-0003/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "USN-4218-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4218-1/" }, { "name": "USN-4416-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4416-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6485", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343", "refsource": "CONFIRM", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" }, { "name": "102912", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102912" }, { "name": "http://bugs.debian.org/878159", "refsource": "CONFIRM", "url": "http://bugs.debian.org/878159" }, { "name": "RHSA-2018:3092", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3092" }, { "name": "https://security.netapp.com/advisory/ntap-20190404-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190404-0003/" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "USN-4218-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4218-1/" }, { "name": "USN-4416-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4416-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6485", "datePublished": "2018-02-01T14:00:00", "dateReserved": "2018-02-01T00:00:00", "dateUpdated": "2024-08-05T06:01:49.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10105
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://access.redhat.com/errata/RHSA-2017:1792 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
https://access.redhat.com/errata/RHSA-2017:2481 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:2530 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:3453 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:2469 | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99851 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:15.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "99851", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99851" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10105", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:52:08.762560Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:03:46.554Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "99851", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99851" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "99851", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99851" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10105", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:03:46.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10111
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1789 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/99707 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99707", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99707" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10111", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:28.125918Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:02:59.127Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99707", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99707" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10111", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99707" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10111", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:02:59.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10346
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:54.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "101315", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101315" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10346", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:38:59.769224Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:49:31.398Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "101315", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101315" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "101315", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101315" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10346", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:49:31.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21443
Vulnerability from cvelistv5
Published
2022-04-19 20:37
Modified
2024-08-03 02:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-21443", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-24T15:31:25.581438Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-24T15:31:36.356Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T02:38:56.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:7u331" }, { "status": "affected", "version": "Oracle Java SE:8u321" }, { "status": "affected", "version": "Oracle Java SE:11.0.14" }, { "status": "affected", "version": "Oracle Java SE:17.0.2" }, { "status": "affected", "version": "Oracle Java SE:18" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.5" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.1" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:22.0.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:06:38.587068", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21443", "datePublished": "2022-04-19T20:37:30", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-03T02:38:56.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10053
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:09
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99842", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99842" }, { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10053", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:58.301283Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:09:18.724Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "99842", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99842" }, { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10053", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "99842", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99842" }, { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10053", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:09:18.724Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10096
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:04
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:15.075Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "99670", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99670" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10096", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:38.743876Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:04:39.770Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "99670", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99670" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "99670", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99670" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10096", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:04:39.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6109
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4387", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "tags": [ "x_transferred" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "name": "USN-3885-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "tags": [ "x_transferred" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "tags": [ "x_transferred" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "name": "GLSA-201903-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "name": "FEDORA-2019-0f4190cdb0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" }, { "name": "openSUSE-SU-2019:1602", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "RHSA-2019:3702", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4387", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "name": "USN-3885-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "name": "GLSA-201903-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "name": "FEDORA-2019-0f4190cdb0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" }, { "name": "openSUSE-SU-2019:1602", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "RHSA-2019:3702", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6109", "datePublished": "2019-01-31T00:00:00", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-04T20:16:24.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10109
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99847", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99847" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10109", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:49.347638Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:03:14.843Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99847", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99847" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10109", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99847", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99847" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10109", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:03:14.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10087
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99703", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99703" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10087", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:47.360248Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:05:39.688Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99703", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99703" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99703", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99703" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10087", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:05:39.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10345
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:54.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101396", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101396" }, { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10345", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:43:36.658497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:49:38.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "101396", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101396" }, { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10345", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "101396", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101396" }, { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10345", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:49:38.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10274
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:56
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101333" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10274", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:02.906928Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:56:12.072Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101333" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101333" }, { "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10274", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:56:12.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10102
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:04
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:15.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99712", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99712" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10102", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:36.652061Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:04:06.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99712", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99712" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10102", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99712" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10102", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:04:06.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10135
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:00
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99839" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10135", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:51:46.063191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:00:17.520Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99839" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99839" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10135", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:00:17.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10107
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "99719", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99719" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10107", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:35.619154Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:03:31.799Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "99719", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99719" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "99719", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99719" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10107", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:03:31.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-9077
Vulnerability from cvelistv5
Published
2019-02-24 00:00
Modified
2024-08-04 21:38
Severity ?
EPSS score ?
Summary
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
References
▼ | URL | Tags |
---|---|---|
https://sourceware.org/bugzilla/show_bug.cgi?id=24243 | x_refsource_MISC | |
http://www.securityfocus.com/bid/107139 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190314-0003/ | x_refsource_CONFIRM | |
https://support.f5.com/csp/article/K00056379 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4336-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:38:46.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243" }, { "name": "107139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190314-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K00056379" }, { "name": "USN-4336-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4336-1/" }, { "name": "openSUSE-SU-2020:1790", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html" }, { "name": "openSUSE-SU-2020:1804", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html" }, { "name": "GLSA-202107-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-10T04:06:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243" }, { "name": "107139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190314-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K00056379" }, { "name": "USN-4336-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4336-1/" }, { "name": "openSUSE-SU-2020:1790", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html" }, { "name": "openSUSE-SU-2020:1804", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html" }, { "name": "GLSA-202107-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202107-24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9077", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243" }, { "name": "107139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107139" }, { "name": "https://security.netapp.com/advisory/ntap-20190314-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190314-0003/" }, { "name": "https://support.f5.com/csp/article/K00056379", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K00056379" }, { "name": "USN-4336-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4336-1/" }, { "name": "openSUSE-SU-2020:1790", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html" }, { "name": "openSUSE-SU-2020:1804", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html" }, { "name": "GLSA-202107-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9077", "datePublished": "2019-02-24T00:00:00", "dateReserved": "2019-02-23T00:00:00", "dateUpdated": "2024-08-04T21:38:46.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16866
Vulnerability from cvelistv5
Published
2019-01-11 19:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: from v221 to v239 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:54.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4367", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4367" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866" }, { "name": "USN-3855-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3855-1/" }, { "name": "106527", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106527" }, { "name": "GLSA-201903-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201903-07" }, { "name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4" }, { "name": "20190513 Re: System Down: A systemd-journald exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/May/25" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html" }, { "name": "20190513 Re: System Down: A systemd-journald exploit", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/May/21" }, { "name": "RHSA-2019:2091", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "name": "RHSA-2019:3222", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3222" }, { "name": "RHSA-2020:0593", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2020:0593" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "systemd", "vendor": "The systemd Project", "versions": [ { "status": "affected", "version": "from v221 to v239" } ] } ], "datePublic": "2019-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-25T14:06:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-4367", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4367" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866" }, { "name": "USN-3855-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3855-1/" }, { "name": "106527", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106527" }, { "name": "GLSA-201903-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201903-07" }, { "name": "[oss-security] 20190510 Re: System Down: A systemd-journald exploit", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4" }, { "name": "20190513 Re: System Down: A systemd-journald exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/May/25" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html" }, { "name": "20190513 Re: System Down: A systemd-journald exploit", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/May/21" }, { "name": "RHSA-2019:2091", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "name": "RHSA-2019:3222", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3222" }, { "name": "RHSA-2020:0593", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2020:0593" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16866", "datePublished": "2019-01-11T19:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:32:54.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10114
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-4005 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/99726 | vdb-entry, x_refsource_BID | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "DSA-4005", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99726" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10114", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:27.091952Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:02:38.542Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "DSA-4005", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99726" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "DSA-4005", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-4005" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99726" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10114", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:02:38.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12653
Vulnerability from cvelistv5
Published
2020-05-05 04:47
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | x_refsource_MISC | |
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/05/08/2 | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2020/dsa-4698 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-13T08:12:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12653", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4" }, { "name": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "name": "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "DSA-4698", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4698" }, { "name": "openSUSE-SU-2020:0801", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12653", "datePublished": "2020-05-05T04:47:35", "dateReserved": "2020-05-05T00:00:00", "dateUpdated": "2024-08-04T12:04:22.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10067
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:07
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99756", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99756" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10067", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:56.881415Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:07:59.164Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99756", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99756" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10067", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99756", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99756" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10067", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:07:59.164Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38202
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-02T08:06:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "name": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6" }, { "name": "https://security.netapp.com/advisory/ntap-20210902-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38202", "datePublished": "2021-08-08T19:25:59", "dateReserved": "2021-08-08T00:00:00", "dateUpdated": "2024-08-04T01:37:16.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10198
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:10
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99818", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99818" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:50:37.360795Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T17:10:12.889Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99818", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99818" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10198", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99818", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99818" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10198", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T17:10:12.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21496
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-09-24 20:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:38.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-21496", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T13:53:50.783083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T20:05:36.664Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:7u331" }, { "status": "affected", "version": "Oracle Java SE:8u321" }, { "status": "affected", "version": "Oracle Java SE:11.0.14" }, { "status": "affected", "version": "Oracle Java SE:17.0.2" }, { "status": "affected", "version": "Oracle Java SE:18" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.5" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.1" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:22.0.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:06:40.368882", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21496", "datePublished": "2022-04-19T20:38:50", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-09-24T20:05:36.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16597
Vulnerability from cvelistv5
Published
2018-09-21 16:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105394 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190204-0001/ | x_refsource_CONFIRM | |
https://bugzilla.suse.com/show_bug.cgi?id=1106512 | x_refsource_CONFIRM | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 | x_refsource_CONFIRM | |
https://support.f5.com/csp/article/K22691834 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html | vendor-advisory, x_refsource_SUSE | |
https://seclists.org/bugtraq/2019/Jul/33 | mailing-list, x_refsource_BUGTRAQ | |
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:24:32.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105394", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105394" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K22691834" }, { "name": "openSUSE-SU-2018:3202", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html" }, { "name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/33" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-25T18:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "105394", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105394" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K22691834" }, { "name": "openSUSE-SU-2018:3202", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html" }, { "name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/33" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "105394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105394" }, { "name": "https://security.netapp.com/advisory/ntap-20190204-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "name": "https://bugzilla.suse.com/show_bug.cgi?id=1106512", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" }, { "name": "https://support.f5.com/csp/article/K22691834", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K22691834" }, { "name": "openSUSE-SU-2018:3202", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html" }, { "name": "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/33" }, { "name": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16597", "datePublished": "2018-09-21T16:00:00", "dateReserved": "2018-09-06T00:00:00", "dateUpdated": "2024-08-05T10:24:32.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3462
Vulnerability from cvelistv5
Published
2019-01-28 21:00
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/106690 | vdb-entry, x_refsource_BID | |
https://usn.ubuntu.com/3863-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3863-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2019/dsa-4371 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20190125-0002/ | x_refsource_CONFIRM | |
https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Debian GNU/Linux | apt as used in Debian Stretch and Ubuntu |
Version: 1.4.8 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "106690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106690" }, { "name": "USN-3863-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "name": "USN-3863-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "name": "DSA-4371", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4371" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "apt as used in Debian Stretch and Ubuntu", "vendor": "Debian GNU/Linux", "versions": [ { "status": "affected", "version": "1.4.8 and earlier" } ] } ], "datePublic": "2019-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution in apt", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-04T16:06:05", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "106690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106690" }, { "name": "USN-3863-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "name": "USN-3863-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "name": "DSA-4371", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4371" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2019-01-22T00:00:00", "ID": "CVE-2019-3462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "apt as used in Debian Stretch and Ubuntu", "version": { "version_data": [ { "version_value": "1.4.8 and earlier" } ] } } ] }, "vendor_name": "Debian GNU/Linux" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution in apt" } ] } ] }, "references": { "reference_data": [ { "name": "106690", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106690" }, { "name": "USN-3863-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3863-1/" }, { "name": "USN-3863-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3863-2/" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "name": "DSA-4371", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4371" }, { "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1637-1] apt security update (amended)", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190125-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2019-3462", "datePublished": "2019-01-28T21:00:00Z", "dateReserved": "2018-12-31T00:00:00", "dateUpdated": "2024-09-16T16:32:28.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38199
Vulnerability from cvelistv5
Published
2021-08-08 19:27
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2021/dsa-4978 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "name": "DSA-4978", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4978" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-17T00:06:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "name": "DSA-4978", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4978" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38199", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "name": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c" }, { "name": "https://security.netapp.com/advisory/ntap-20210902-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "name": "DSA-4978", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4978" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38199", "datePublished": "2021-08-08T19:27:50", "dateReserved": "2021-08-08T00:00:00", "dateUpdated": "2024-08-04T01:37:16.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1559
Vulnerability from cvelistv5
Published
2019-02-27 23:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:20:27.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107174", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107174" }, { "name": "GLSA-201903-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "name": "USN-3899-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3899-1/" }, { "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { "name": "DSA-4400", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4400" }, { "name": "openSUSE-SU-2019:1076", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "name": "openSUSE-SU-2019:1105", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { "name": "openSUSE-SU-2019:1173", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "name": "openSUSE-SU-2019:1175", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { "name": "openSUSE-SU-2019:1432", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { "name": "openSUSE-SU-2019:1637", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { "name": "RHSA-2019:2304", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { "name": "RHSA-2019:2439", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "name": "RHSA-2019:2437", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "name": "RHSA-2019:2471", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2471" }, { "name": "FEDORA-2019-db06efdea1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { "name": "FEDORA-2019-00c25b9379", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { "name": "FEDORA-2019-9a0a7c0986", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { "name": "RHSA-2019:3929", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3931", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "USN-4376-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4376-2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K18549143" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2019-02" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2019-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" } ] } ], "credits": [ { "lang": "en", "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" } ], "datePublic": "2019-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Padding Oracle", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-20T14:42:01", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "107174", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107174" }, { "name": "GLSA-201903-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "name": "USN-3899-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3899-1/" }, { "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { "name": "DSA-4400", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4400" }, { "name": "openSUSE-SU-2019:1076", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "name": "openSUSE-SU-2019:1105", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { "name": "openSUSE-SU-2019:1173", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "name": "openSUSE-SU-2019:1175", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { "name": "openSUSE-SU-2019:1432", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { "name": "openSUSE-SU-2019:1637", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { "name": "RHSA-2019:2304", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { "name": "RHSA-2019:2439", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "name": "RHSA-2019:2437", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "name": "RHSA-2019:2471", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2471" }, { "name": "FEDORA-2019-db06efdea1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { "name": "FEDORA-2019-00c25b9379", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { "name": "FEDORA-2019-9a0a7c0986", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { "name": "RHSA-2019:3929", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3931", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "USN-4376-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4376-2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K18549143" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2019-02" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2019-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "0-byte record padding oracle", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2019-02-26", "ID": "CVE-2019-1559", "STATE": "PUBLIC", "TITLE": "0-byte record padding oracle" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)" } ] } } ] }, "vendor_name": "OpenSSL" } ] } }, "credit": [ { "lang": "eng", "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." } ] }, "impact": [ { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Padding Oracle" } ] } ] }, "references": { "reference_data": [ { "name": "107174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107174" }, { "name": "GLSA-201903-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-10" }, { "name": "USN-3899-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3899-1/" }, { "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { "name": "DSA-4400", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4400" }, { "name": "openSUSE-SU-2019:1076", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "name": "openSUSE-SU-2019:1105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { "name": "openSUSE-SU-2019:1173", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "name": "openSUSE-SU-2019:1175", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { "name": "openSUSE-SU-2019:1432", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { "name": "openSUSE-SU-2019:1637", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { "name": "RHSA-2019:2304", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { "name": "RHSA-2019:2439", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "name": "RHSA-2019:2437", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "name": "RHSA-2019:2471", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2471" }, { "name": "FEDORA-2019-db06efdea1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { "name": "FEDORA-2019-00c25b9379", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { "name": "FEDORA-2019-9a0a7c0986", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { "name": "RHSA-2019:3929", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "USN-4376-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4376-2/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190301-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { "name": "https://security.netapp.com/advisory/ntap-20190301-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "name": "https://www.openssl.org/news/secadv/20190226.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "name": "https://support.f5.com/csp/article/K18549143", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K18549143" }, { "name": "https://www.tenable.com/security/tns-2019-02", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-02" }, { "name": "https://security.netapp.com/advisory/ntap-20190423-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "name": "https://www.tenable.com/security/tns-2019-03", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2019-03" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282" }, { "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS" } ] } } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2019-1559", "datePublished": "2019-02-27T23:00:00Z", "dateReserved": "2018-11-28T00:00:00", "dateUpdated": "2024-09-17T04:20:35.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10193
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:10
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99854 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1789 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://access.redhat.com/errata/RHSA-2017:1792 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
http://www.debian.org/security/2017/dsa-3954 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:3392 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99854", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99854" }, { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:50:40.905859Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T17:10:32.958Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "99854", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99854" }, { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "99854", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99854" }, { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10193", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T17:10:32.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17182
Vulnerability from cvelistv5
Published
2018-09-19 09:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:39:59.702Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3776-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "USN-3776-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "USN-3777-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-1/" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "name": "RHSA-2018:3656", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3656" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "105417", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105417" }, { "name": "45497", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45497/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4" }, { "name": "1041748", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041748" }, { "name": "USN-3777-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-2/" }, { "name": "106503", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106503" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "name": "USN-3777-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3777-3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-19T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-05T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3776-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "USN-3776-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "USN-3777-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-1/" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "name": "RHSA-2018:3656", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3656" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "name": "DSA-4308", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "105417", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105417" }, { "name": "45497", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45497/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4" }, { "name": "1041748", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041748" }, { "name": "USN-3777-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-2/" }, { "name": "106503", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106503" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "name": "USN-3777-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3777-3/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3776-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3776-1/" }, { "name": "USN-3776-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3776-2/" }, { "name": "USN-3777-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3777-1/" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190204-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "name": "RHSA-2018:3656", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3656" }, { "name": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "name": "DSA-4308", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4308" }, { "name": "105417", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105417" }, { "name": "45497", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45497/" }, { "name": "https://www.openwall.com/lists/oss-security/2018/09/18/4", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4" }, { "name": "1041748", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041748" }, { "name": "USN-3777-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3777-2/" }, { "name": "106503", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106503" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "name": "USN-3777-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3777-3/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17182", "datePublished": "2018-09-19T09:00:00", "dateReserved": "2018-09-19T00:00:00", "dateUpdated": "2024-08-05T10:39:59.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12769
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
References
▼ | URL | Tags |
---|---|---|
https://lkml.org/lkml/2020/2/3/559 | x_refsource_CONFIRM | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d | x_refsource_CONFIRM | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4391-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lkml.org/lkml/2020/2/3/559" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4391-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4391-1/" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-07T05:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lkml.org/lkml/2020/2/3/559" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4391-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4391-1/" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lkml.org/lkml/2020/2/3/559", "refsource": "CONFIRM", "url": "https://lkml.org/lkml/2020/2/3/559" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "openSUSE-SU-2020:0801", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4391-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4391-1/" }, { "name": "openSUSE-SU-2020:0935", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12769", "datePublished": "2020-05-09T20:16:45", "dateReserved": "2020-05-09T00:00:00", "dateUpdated": "2024-08-04T12:04:22.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10356
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:48
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101413", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101413" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10356", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:43:31.766242Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:48:24.887Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101413", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101413" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101413", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101413" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10356", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:48:24.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10074
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:07
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1789 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:2424 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://access.redhat.com/errata/RHSA-2017:1792 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
http://www.debian.org/security/2017/dsa-3954 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99731 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "99731", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99731" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10074", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:50.651137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:07:13.399Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "99731", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99731" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "99731", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99731" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10074", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:07:13.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7182
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html | x_refsource_MISC | |
https://security.gentoo.org/glsa/201805-12 | vendor-advisory, x_refsource_GENTOO | |
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc | vendor-advisory, x_refsource_FREEBSD | |
https://security.netapp.com/advisory/ntap-20180626-0001/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/541824/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://support.ntp.org/bin/view/Main/NtpBug3412 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3707-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.exploit-db.com/exploits/45846/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.synology.com/support/security/Synology_SA_18_13 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/103191 | vdb-entry, x_refsource_BID | |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:10.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" }, { "name": "GLSA-201805-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "name": "FreeBSD-SA-18:02", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3412" }, { "name": "USN-3707-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "name": "45846", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45846/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "103191", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103191" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T18:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" }, { "name": "GLSA-201805-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "name": "FreeBSD-SA-18:02", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3412" }, { "name": "USN-3707-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "name": "45846", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45846/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "103191", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103191" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" }, { "name": "GLSA-201805-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201805-12" }, { "name": "FreeBSD-SA-18:02", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "name": "https://security.netapp.com/advisory/ntap-20180626-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "name": "http://support.ntp.org/bin/view/Main/NtpBug3412", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug3412" }, { "name": "USN-3707-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3707-1/" }, { "name": "45846", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45846/" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_13", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "name": "103191", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103191" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7182", "datePublished": "2018-03-06T20:00:00", "dateReserved": "2018-02-16T00:00:00", "dateUpdated": "2024-08-05T06:24:10.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10355
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:48
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "101369", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101369" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10355", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:22.324398Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:48:32.115Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "101369", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101369" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "101369", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101369" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10355", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:48:32.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0735
Vulnerability from cvelistv5
Published
2018-10-29 13:00
Modified
2024-09-16 19:10
Severity ?
EPSS score ?
Summary
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:35:49.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "105750", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105750" }, { "name": "USN-3840-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "1041986", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041986" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "name": "DSA-4348", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:3700", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" } ] } ], "credits": [ { "lang": "en", "value": "Samuel Weiser" } ], "datePublic": "2018-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Constant time issue", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-15T19:15:21", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "105750", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105750" }, { "name": "USN-3840-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "1041986", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041986" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "name": "DSA-4348", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:3700", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" } ], "title": "Timing attack against ECDSA signature generation", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2018-10-29", "ID": "CVE-2018-0735", "STATE": "PUBLIC", "TITLE": "Timing attack against ECDSA signature generation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)" }, { "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)" } ] } } ] }, "vendor_name": "OpenSSL" } ] } }, "credit": [ { "lang": "eng", "value": "Samuel Weiser" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." } ] }, "impact": [ { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Constant time issue" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "105750", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105750" }, { "name": "USN-3840-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3840-1/" }, { "name": "https://security.netapp.com/advisory/ntap-20181105-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "1041986", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041986" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "name": "DSA-4348", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4348" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { "name": "https://www.openssl.org/news/secadv/20181029.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:3700", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2018-0735", "datePublished": "2018-10-29T13:00:00Z", "dateReserved": "2017-11-30T00:00:00", "dateUpdated": "2024-09-16T19:10:32.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10309
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:53
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101328 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:3267 | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1039596 | vdb-entry, x_refsource_SECTRACK | |
https://www.exploit-db.com/exploits/43103/ | exploit, x_refsource_EXPLOIT-DB | |
https://security.gentoo.org/glsa/201710-31 | vendor-advisory, x_refsource_GENTOO | |
https://access.redhat.com/errata/RHSA-2017:3264 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:3453 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20171019-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:2999 | vendor-advisory, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 8u144 Version: 9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:54.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101328" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "43103", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43103/" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10309", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:45:13.387759Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:53:38.783Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 8u144" }, { "status": "affected", "version": "9" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-14T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "101328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101328" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "43103", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43103/" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10309", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 8u144" }, { "version_affected": "=", "version_value": "9" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "101328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101328" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "43103", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43103/" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10309", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:53:38.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10348
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101354", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101354" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10348", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:26.331134Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:49:18.786Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101354", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101354" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101354", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101354" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10348", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:49:18.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10350
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:54.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101341", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101341" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10350", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:24.292674Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:49:05.882Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101341", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101341" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101341", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101341" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10350", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:49:05.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3753
Vulnerability from cvelistv5
Published
2022-02-16 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.15-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-28T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589" }, { "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7" }, { "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4" }, { "url": "https://security.netapp.com/advisory/ntap-20221028-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3753", "datePublished": "2022-02-16T00:00:00", "dateReserved": "2021-08-31T00:00:00", "dateUpdated": "2024-08-03T17:09:08.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29368
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040 | x_refsource_MISC | |
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210108-0002/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-08T11:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040" }, { "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "name": "https://security.netapp.com/advisory/ntap-20210108-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210108-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29368", "datePublished": "2020-11-28T06:20:26", "dateReserved": "2020-11-28T00:00:00", "dateUpdated": "2024-08-04T16:48:01.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10125
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:01
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
▼ | URL | Tags |
---|---|---|
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/99809 | vdb-entry, x_refsource_BID | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99809", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99809" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10125", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:24.847344Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:01:24.611Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-09T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99809", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99809" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99809", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99809" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10125", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:01:24.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11068
Vulnerability from cvelistv5
Published
2019-04-10 19:38
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:16.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "name": "USN-3947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "name": "[oss-security] 20190422 Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "name": "USN-3947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "name": "openSUSE-SU-2019:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "name": "openSUSE-SU-2019:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "name": "openSUSE-SU-2019:1428", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "name": "openSUSE-SU-2019:1527", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "name": "FEDORA-2019-e21c77ffae", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "FEDORA-2019-e74d639587", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "name": "openSUSE-SU-2019:1824", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-17T15:06:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "name": "USN-3947-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "name": "[oss-security] 20190422 Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "name": "USN-3947-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "name": "openSUSE-SU-2019:1433", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "name": "openSUSE-SU-2019:1430", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "name": "openSUSE-SU-2019:1428", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "name": "openSUSE-SU-2019:1527", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "name": "FEDORA-2019-e21c77ffae", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "name": "FEDORA-2019-320d5295fc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "FEDORA-2019-e74d639587", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "name": "openSUSE-SU-2019:1824", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11068", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "refsource": "MISC", "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "name": "USN-3947-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3947-2/" }, { "name": "[oss-security] 20190422 Nokogiri security update v1.10.3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "name": "USN-3947-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3947-1/" }, { "name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "name": "openSUSE-SU-2019:1433", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "name": "openSUSE-SU-2019:1430", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "name": "openSUSE-SU-2019:1428", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "name": "openSUSE-SU-2019:1527", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "name": "FEDORA-2019-e21c77ffae", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "name": "FEDORA-2019-320d5295fc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "name": "FEDORA-2019-e74d639587", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "name": "openSUSE-SU-2019:1824", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "https://security.netapp.com/advisory/ntap-20191017-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11068", "datePublished": "2019-04-10T19:38:18", "dateReserved": "2019-04-10T00:00:00", "dateUpdated": "2024-08-04T22:40:16.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10089
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "99659", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99659" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10089", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:46.215799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:05:26.594Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "99659", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99659" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "99659", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99659" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10089", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:05:26.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20855
Vulnerability from cvelistv5
Published
2019-07-26 04:39
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00 | x_refsource_MISC | |
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00 | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html | vendor-advisory, x_refsource_SUSE | |
https://security.netapp.com/advisory/ntap-20190905-0002/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7" }, { "name": "openSUSE-SU-2019:1924", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html" }, { "name": "openSUSE-SU-2019:1923", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-05T23:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7" }, { "name": "openSUSE-SU-2019:1924", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html" }, { "name": "openSUSE-SU-2019:1923", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7" }, { "name": "openSUSE-SU-2019:1924", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html" }, { "name": "openSUSE-SU-2019:1923", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190905-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20855", "datePublished": "2019-07-26T04:39:40", "dateReserved": "2019-07-26T00:00:00", "dateUpdated": "2024-08-05T12:12:29.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10078
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1789 | vendor-advisory, x_refsource_REDHAT | |
https://cert.vde.com/en-us/advisories/vde-2017-002 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/99752 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2017:3453 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:2469 | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99752", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99752" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:49.541046Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:06:53.010Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99752", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99752" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99752" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10078", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:06:53.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10690
Vulnerability from cvelistv5
Published
2020-05-08 13:48
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4419-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:11.142Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4419-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Red Hat", "versions": [ { "status": "affected", "version": "all kernel versions before 5.5" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-22T06:06:33", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "openSUSE-SU-2020:0801", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4419-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4419-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10690", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "all kernel versions before 5.5" } ] } } ] }, "vendor_name": "Red Hat" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode." } ] }, "impact": { "cvss": [ [ { "vectorString": "6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "name": "openSUSE-SU-2020:0801", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "name": "USN-4419-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4419-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10690", "datePublished": "2020-05-08T13:48:30", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:06:11.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10281
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:55
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101378" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10281", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:40.396884Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:55:34.292Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101378" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101378" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10281", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:55:34.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12771
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2020:1062", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html" }, { "name": "openSUSE-SU-2020:1153", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" }, { "name": "USN-4463-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4463-1/" }, { "name": "USN-4465-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4465-1/" }, { "name": "USN-4462-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4462-1/" }, { "name": "USN-4483-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4483-1/" }, { "name": "USN-4485-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4485-1/" }, { "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lkml.org/lkml/2020/4/26/87" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2020:1062", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html" }, { "name": "openSUSE-SU-2020:1153", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" }, { "name": "USN-4463-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4463-1/" }, { "name": "USN-4465-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4465-1/" }, { "name": "USN-4462-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4462-1/" }, { "name": "USN-4483-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4483-1/" }, { "name": "USN-4485-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4485-1/" }, { "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lkml.org/lkml/2020/4/26/87" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12771", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2020:1062", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html" }, { "name": "openSUSE-SU-2020:1153", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "name": "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" }, { "name": "USN-4463-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4463-1/" }, { "name": "USN-4465-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4465-1/" }, { "name": "USN-4462-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4462-1/" }, { "name": "USN-4483-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4483-1/" }, { "name": "USN-4485-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4485-1/" }, { "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "https://lkml.org/lkml/2020/4/26/87", "refsource": "CONFIRM", "url": "https://lkml.org/lkml/2020/4/26/87" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12771", "datePublished": "2020-05-09T20:16:20", "dateReserved": "2020-05-09T00:00:00", "dateUpdated": "2024-08-04T12:04:22.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6110
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:16:24.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "tags": [ "x_transferred" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "tags": [ "x_transferred" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "tags": [ "x_transferred" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "name": "46193", "tags": [ "exploit", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/46193/" }, { "name": "GLSA-201903-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "name": "46193", "tags": [ "exploit" ], "url": "https://www.exploit-db.com/exploits/46193/" }, { "name": "GLSA-201903-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-6110", "datePublished": "2019-01-31T00:00:00", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-04T20:16:24.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10101
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:04
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:15.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99674" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10101", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:37.693201Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:04:13.779Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99674" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "99674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99674" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10101", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:04:13.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10116
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:15.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99734", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99734" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10116", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:25.933782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:02:23.549Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99734", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99734" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "99734", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99734" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10116", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:02:23.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10081
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:06
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1789 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:2424 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/99853 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:1792 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
http://www.debian.org/security/2017/dsa-3954 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99853", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99853" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10081", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:52:39.260688Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:06:28.932Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99853", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99853" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99853", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99853" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10081", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:06:28.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10090
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u141 Version: 8u131; Java SE Embedded: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:15.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99706", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99706" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10090", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:39.963977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:05:20.071Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99706", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99706" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10090", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99706", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99706" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10090", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:05:20.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20685
Vulnerability from cvelistv5
Published
2019-01-10 00:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:05:17.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4387", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "name": "USN-3885-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2" }, { "tags": [ "x_transferred" ], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190215-0001/" }, { "name": "106531", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106531" }, { "tags": [ "x_transferred" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "name": "GLSA-201903-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "RHSA-2019:3702", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "name": "GLSA-202007-53", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-53" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4387", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "name": "USN-3885-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2" }, { "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h" }, { "url": "https://security.netapp.com/advisory/ntap-20190215-0001/" }, { "name": "106531", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/106531" }, { "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "name": "GLSA-201903-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "name": "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "RHSA-2019:3702", "tags": [ "vendor-advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "name": "GLSA-202007-53", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202007-53" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20685", "datePublished": "2019-01-10T00:00:00", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-05T12:05:17.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10357
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:48
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101355" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10357", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:21.423641Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:48:18.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101355" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10357", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "101355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101355" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10357", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:48:18.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12888
Vulnerability from cvelistv5
Published
2020-05-15 17:02
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.700Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/" }, { "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6" }, { "name": "FEDORA-2020-57bf620276", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/" }, { "name": "FEDORA-2020-5436586091", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "openSUSE-SU-2020:1153", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "name": "USN-4526-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4526-1/" }, { "name": "USN-4525-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4525-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-31T17:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/" }, { "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6" }, { "name": "FEDORA-2020-57bf620276", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/" }, { "name": "FEDORA-2020-5436586091", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "openSUSE-SU-2020:0935", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "openSUSE-SU-2020:1153", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "name": "USN-4526-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4526-1/" }, { "name": "USN-4525-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4525-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/", "refsource": "MISC", "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/" }, { "name": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/", "refsource": "MISC", "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/" }, { "name": "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6" }, { "name": "FEDORA-2020-57bf620276", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/" }, { "name": "FEDORA-2020-5436586091", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "openSUSE-SU-2020:0935", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "name": "openSUSE-SU-2020:1153", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "name": "USN-4526-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4526-1/" }, { "name": "USN-4525-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4525-1/" }, { "name": "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12888", "datePublished": "2020-05-15T17:02:20", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-08-04T12:11:18.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10388
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:44
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101321", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101321" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10388", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:38:56.925674Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:44:59.766Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101321", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101321" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "101321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101321" }, { "name": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10388", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:44:59.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21476
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-08-03 02:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220429-0006/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5128 | vendor-advisory, x_refsource_DEBIAN | |
https://www.debian.org/security/2022/dsa-5131 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:38:56.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:7u331" }, { "status": "affected", "version": "Oracle Java SE:8u321" }, { "status": "affected", "version": "Oracle Java SE:11.0.14" }, { "status": "affected", "version": "Oracle Java SE:17.0.2" }, { "status": "affected", "version": "Oracle Java SE:18" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.5" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.1" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:22.0.0.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-14T11:06:05", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2022-21476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java SE JDK and JRE", "version": { "version_data": [ { "version_affected": "=", "version_value": "Oracle Java SE:7u331" }, { "version_affected": "=", "version_value": "Oracle Java SE:8u321" }, { "version_affected": "=", "version_value": "Oracle Java SE:11.0.14" }, { "version_affected": "=", "version_value": "Oracle Java SE:17.0.2" }, { "version_affected": "=", "version_value": "Oracle Java SE:18" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:20.3.5" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:21.3.1" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:22.0.0.2" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] }, "impact": { "cvss": { "baseScore": "7.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220429-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "name": "DSA-5128", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5128" }, { "name": "DSA-5131", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5131" }, { "name": "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21476", "datePublished": "2022-04-19T20:38:20", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-03T02:38:56.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32207
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.011Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1573634" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "Business Logic Errors (CWE-840)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1573634" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32207", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3137
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 01:02
Severity ?
EPSS score ?
Summary
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1095 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201708-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.securitytracker.com/id/1038258 | vdb-entry, x_refsource_SECTRACK | |
https://security.netapp.com/advisory/ntap-20180802-0002/ | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1040195 | vdb-entry, x_refsource_SECTRACK | |
https://access.redhat.com/errata/RHSA-2017:1582 | vendor-advisory, x_refsource_REDHAT | |
https://www.debian.org/security/2017/dsa-3854 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2017:1583 | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/97651 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:1105 | vendor-advisory, x_refsource_REDHAT | |
https://kb.isc.org/docs/aa-01466 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "1038258", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038258" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "1040195", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040195" }, { "name": "RHSA-2017:1582", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "name": "DSA-3854", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "RHSA-2017:1583", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "name": "97651", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97651" }, { "name": "RHSA-2017:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01466" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND 9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8" } ] } ], "datePublic": "2017-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering. An attacker can cause a denial of service by exploiting this condition. Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "RHSA-2017:1095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "1038258", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038258" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "1040195", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040195" }, { "name": "RHSA-2017:1582", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "name": "DSA-3854", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "RHSA-2017:1583", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "name": "97651", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97651" }, { "name": "RHSA-2017:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01466" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" } ], "source": { "discovery": "UNKNOWN" }, "title": "A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME", "workarounds": [ { "lang": "en", "value": "None known." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2017-03-12T00:00:00.000Z", "ID": "CVE-2017-3137", "STATE": "PUBLIC", "TITLE": "A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIND 9", "version": { "version_data": [ { "version_value": "9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8" } ] } } ] }, "vendor_name": "ISC" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering. An attacker can cause a denial of service by exploiting this condition. Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1095", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "name": "GLSA-201708-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "1038258", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038258" }, { "name": "https://security.netapp.com/advisory/ntap-20180802-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "1040195", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040195" }, { "name": "RHSA-2017:1582", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "name": "DSA-3854", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "RHSA-2017:1583", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "name": "97651", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97651" }, { "name": "RHSA-2017:1105", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "name": "https://kb.isc.org/docs/aa-01466", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01466" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "None known." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3137", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-17T01:02:07.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13817
Vulnerability from cvelistv5
Published
2020-06-04 12:31
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
▼ | URL | Tags |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202007-12 | vendor-advisory, x_refsource_GENTOO | |
https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
http://support.ntp.org/bin/view/Main/NtpBug3596 | x_refsource_MISC | |
https://bugs.ntp.org/show_bug.cgi?id=3596 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20200625-0004/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:25:16.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2020:0934", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html" }, { "name": "openSUSE-SU-2020:1007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html" }, { "name": "GLSA-202007-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-12" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3596" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.ntp.org/show_bug.cgi?id=3596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200625-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-07T14:40:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2020:0934", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html" }, { "name": "openSUSE-SU-2020:1007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html" }, { "name": "GLSA-202007-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-12" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3596" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.ntp.org/show_bug.cgi?id=3596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200625-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2020:0934", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html" }, { "name": "openSUSE-SU-2020:1007", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html" }, { "name": "GLSA-202007-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-12" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "http://support.ntp.org/bin/view/Main/NtpBug3596", "refsource": "MISC", "url": "http://support.ntp.org/bin/view/Main/NtpBug3596" }, { "name": "https://bugs.ntp.org/show_bug.cgi?id=3596", "refsource": "MISC", "url": "https://bugs.ntp.org/show_bug.cgi?id=3596" }, { "name": "https://security.netapp.com/advisory/ntap-20200625-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200625-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13817", "datePublished": "2020-06-04T12:31:55", "dateReserved": "2020-06-04T00:00:00", "dateUpdated": "2024-08-04T12:25:16.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10176
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:12
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://cert.vde.com/en-us/advisories/vde-2017-002 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/99788 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
http://www.debian.org/security/2017/dsa-3954 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "99788", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99788" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10176", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:31.501312Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T17:12:17.207Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "99788", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99788" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10176", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "99788", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99788" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10176", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T17:12:17.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10110
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99643", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99643" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10110", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:34.259834Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:03:06.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99643", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99643" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "99643", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99643" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10110", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:03:06.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3138
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1038260 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/97657 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201708-01 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20180802-0002/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2017/dsa-3854 | vendor-advisory, x_refsource_DEBIAN | |
https://kb.isc.org/docs/aa-01471 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038260", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038260" }, { "name": "97657", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97657" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "DSA-3854", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01471" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND 9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention." } ], "datePublic": "2017-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key. Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them. In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel. Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server. The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "1038260", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038260" }, { "name": "97657", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97657" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "DSA-3854", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01471" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" } ], "source": { "discovery": "UNKNOWN" }, "title": "named exits with a REQUIRE assertion failure if it receives a null command string on its control channel", "workarounds": [ { "lang": "en", "value": "None. However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2017-03-12T00:00:00.000Z", "ID": "CVE-2017-3138", "STATE": "PUBLIC", "TITLE": "named exits with a REQUIRE assertion failure if it receives a null command string on its control channel" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIND 9", "version": { "version_data": [ { "version_value": "9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key. Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them. In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel. Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server. The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution." } ] } ] }, "references": { "reference_data": [ { "name": "1038260", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038260" }, { "name": "97657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97657" }, { "name": "GLSA-201708-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "https://security.netapp.com/advisory/ntap-20180802-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "DSA-3854", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "https://kb.isc.org/docs/aa-01471", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01471" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "None. However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3138", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-16T22:40:54.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12538
Vulnerability from cvelistv5
Published
2018-06-22 19:00
Modified
2024-08-05 08:38
Severity ?
EPSS score ?
Summary
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041194 | vdb-entry, x_refsource_SECTRACK | |
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | x_refsource_MISC | |
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20181014-0001/ | x_refsource_CONFIRM | |
https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Eclipse Foundation | Eclipse Jetty |
Version: unspecified < 9.4.9 Version: 9.4.0 < unspecified |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:06.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041194", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041194" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [ { "lessThan": "9.4.9", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "9.4.0", "versionType": "custom" } ] } ], "datePublic": "2018-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-6", "description": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-20T21:14:53", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "name": "1041194", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041194" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "9.4.9" }, { "version_affected": "\u003e=", "version_value": "9.4.0" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length" } ] } ] }, "references": { "reference_data": [ { "name": "1041194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041194" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20181014-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2018-12538", "datePublished": "2018-06-22T19:00:00", "dateReserved": "2018-06-18T00:00:00", "dateUpdated": "2024-08-05T08:38:06.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2068
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220621.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9" }, { "name": "DSA-5169", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5169" }, { "name": "FEDORA-2022-3b7d0abd0b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0008/" }, { "name": "FEDORA-2022-41890e9e44", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)" } ] } ], "credits": [ { "lang": "en", "value": "Chancen (Qingteng 73lab)" } ], "datePublic": "2022-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220621.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9" }, { "name": "DSA-5169", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5169" }, { "name": "FEDORA-2022-3b7d0abd0b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/" }, { "url": "https://security.netapp.com/advisory/ntap-20220707-0008/" }, { "name": "FEDORA-2022-41890e9e44", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" } ], "title": "The c_rehash script allows command injection" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-2068", "datePublished": "2022-06-21T14:45:20.597138Z", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-09-16T19:41:46.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7657
Vulnerability from cvelistv5
Published
2018-06-26 16:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Eclipse Foundation | Eclipse Jetty |
Version: unspecified < Version: 9.3.0 < unspecified Version: unspecified < 9.3.24 Version: 9.4.0 < unspecified Version: unspecified < 9.4.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4278", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "name": "RHSA-2019:0910", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668" }, { "name": "[druid-commits] 20210226 [GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s commented on issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s closed issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [ { "lessThanOrEqual": "9.2.0", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "9.3.0", "versionType": "custom" }, { "lessThan": "9.3.24", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "9.4.0", "versionType": "custom" }, { "lessThan": "9.4.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:53:08", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "name": "DSA-4278", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "name": "RHSA-2019:0910", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668" }, { "name": "[druid-commits] 20210226 [GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s commented on issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s closed issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2017-7657", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.2.0" }, { "version_affected": "\u003e=", "version_value": "9.3.0" }, { "version_affected": "\u003c", "version_value": "9.3.24" }, { "version_affected": "\u003e=", "version_value": "9.4.0" }, { "version_affected": "\u003c", "version_value": "9.4.11" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4278", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "name": "RHSA-2019:0910", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20181014-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668" }, { "name": "[druid-commits] 20210226 [GitHub] [druid] kingnj opened a new issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s commented on issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E" }, { "name": "[druid-commits] 20210304 [GitHub] [druid] suneet-s closed issue #10926: Hello, are there any plans to fix the CVE-2017-7657 and CVE-2017-7658 vulnerabilities of Jetty", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2017-7657", "datePublished": "2018-06-26T16:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-08-05T16:12:27.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15098
Vulnerability from cvelistv5
Published
2019-08-16 01:15
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:34:53.238Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" }, { "name": "openSUSE-SU-2019:2173", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html" }, { "name": "openSUSE-SU-2019:2181", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K61214359" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Nov/11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "name": "USN-4185-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4185-1/" }, { "name": "USN-4184-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4184-1/" }, { "name": "USN-4186-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4186-1/" }, { "name": "USN-4186-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4186-2/" }, { "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" }, { "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-02T19:06:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" }, { "name": "openSUSE-SU-2019:2173", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html" }, { "name": "openSUSE-SU-2019:2181", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K61214359" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Nov/11" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "name": "USN-4185-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4185-1/" }, { "name": "USN-4184-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4184-1/" }, { "name": "USN-4186-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4186-1/" }, { "name": "USN-4186-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4186-2/" }, { "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" }, { "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u", "refsource": "MISC", "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u" }, { "name": "https://security.netapp.com/advisory/ntap-20190905-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" }, { "name": "openSUSE-SU-2019:2173", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html" }, { "name": "openSUSE-SU-2019:2181", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2" }, { "name": "[oss-security] 20190927 Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1" }, { "name": "https://support.f5.com/csp/article/K61214359", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K61214359" }, { "name": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/11" }, { "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "name": "USN-4185-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4185-1/" }, { "name": "USN-4184-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4184-1/" }, { "name": "USN-4186-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4186-1/" }, { "name": "USN-4186-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4186-2/" }, { "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" }, { "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15098", "datePublished": "2019-08-16T01:15:39", "dateReserved": "2019-08-15T00:00:00", "dateUpdated": "2024-08-05T00:34:53.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4203
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 5.15 rc4" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362-\u003eCWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934" }, { "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814" }, { "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221111-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4203", "datePublished": "2022-03-25T00:00:00", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-08-03T17:16:04.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10347
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:49
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:41:55.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "name": "101382", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101382" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10347", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:35:27.359742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:49:25.137Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "name": "101382", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101382" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10347", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "name": "101382", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101382" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10347", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:49:25.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17498
Vulnerability from cvelistv5
Published
2019-10-21 00:00
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480" }, { "tags": [ "x_transferred" ], "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498" }, { "name": "FEDORA-2019-91529f19e4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" }, { "name": "openSUSE-SU-2019:2483", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html" }, { "name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html" }, { "name": "FEDORA-2019-ec04c34768", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c" }, { "name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220909-0004/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html" }, { "name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T13:06:20.499920", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480" }, { "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/" }, { "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498" }, { "name": "FEDORA-2019-91529f19e4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" }, { "name": "openSUSE-SU-2019:2483", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html" }, { "name": "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html" }, { "name": "FEDORA-2019-ec04c34768", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/" }, { "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c" }, { "name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220909-0004/" }, { "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html" }, { "name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17498", "datePublished": "2019-10-21T00:00:00", "dateReserved": "2019-10-11T00:00:00", "dateUpdated": "2024-08-05T01:40:15.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10243
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99827", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99827" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10243", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:17.006654Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T17:05:27.231Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99827", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99827" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99827", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99827" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10243", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T17:05:27.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16888
Vulnerability from cvelistv5
Published
2019-01-14 22:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
References
▼ | URL | Tags |
---|---|---|
https://security.netapp.com/advisory/ntap-20190307-0007/ | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2019:2091 | vendor-advisory, x_refsource_REDHAT | |
https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4269-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The systemd Project | systemd |
Version: v237 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:39:58.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888" }, { "name": "RHSA-2019:2091", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E" }, { "name": "USN-4269-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4269-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "systemd", "vendor": "The systemd Project", "versions": [ { "status": "affected", "version": "v237" } ] } ], "datePublic": "2017-08-17T00:00:00", "descriptions": [ { "lang": "en", "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-250", "description": "CWE-250", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-14T01:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888" }, { "name": "RHSA-2019:2091", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E" }, { "name": "USN-4269-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4269-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-16888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "systemd", "version": { "version_data": [ { "version_value": "v237" } ] } } ] }, "vendor_name": "The systemd Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable." } ] }, "impact": { "cvss": [ [ { "vectorString": "4.4/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ] ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-250" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.netapp.com/advisory/ntap-20190307-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190307-0007/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888" }, { "name": "RHSA-2019:2091", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "name": "[cassandra-user] 20190809 cassandra does not start with new systemd version", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E" }, { "name": "USN-4269-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4269-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-16888", "datePublished": "2019-01-14T22:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:39:58.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10086
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99662 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
http://www.debian.org/security/2017/dsa-4005 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u141 Version: 8u131 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99662", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99662" }, { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "DSA-4005", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10086", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:39:48.355796Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:05:48.487Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u141" }, { "status": "affected", "version": "8u131" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "99662", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99662" }, { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "DSA-4005", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10086", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u141" }, { "version_affected": "=", "version_value": "8u131" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." } ] } ] }, "references": { "reference_data": [ { "name": "99662", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99662" }, { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "DSA-4005", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-4005" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10086", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:05:48.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32205
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1569946" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1569946" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32205", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10118
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:02
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1791 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1790 | vendor-advisory, x_refsource_REDHAT | |
https://security.netapp.com/advisory/ntap-20170720-0001/ | x_refsource_CONFIRM | |
https://cert.vde.com/en-us/advisories/vde-2017-002 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1038931 | vdb-entry, x_refsource_SECTRACK | |
https://security.gentoo.org/glsa/201709-22 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/99782 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2017/dsa-3919 | vendor-advisory, x_refsource_DEBIAN | |
http://www.debian.org/security/2017/dsa-3954 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99782", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99782" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10118", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:46.566924Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:02:07.941Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99782", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99782" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "99782", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99782" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10118", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:02:07.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-11884
Vulnerability from cvelistv5
Published
2020-04-29 12:07
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:42:00.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f" }, { "name": "DSA-4667", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4667" }, { "name": "USN-4343-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4343-1/" }, { "name": "FEDORA-2020-64d46a6e29", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/" }, { "name": "FEDORA-2020-16f9239805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/" }, { "name": "FEDORA-2020-b453269c4e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/" }, { "name": "USN-4345-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4345-1/" }, { "name": "USN-4342-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4342-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-04T22:00:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f" }, { "name": "DSA-4667", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4667" }, { "name": "USN-4343-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4343-1/" }, { "name": "FEDORA-2020-64d46a6e29", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/" }, { "name": "FEDORA-2020-16f9239805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/" }, { "name": "FEDORA-2020-b453269c4e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/" }, { "name": "USN-4345-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4345-1/" }, { "name": "USN-4342-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4342-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f" }, { "name": "DSA-4667", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4667" }, { "name": "USN-4343-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4343-1/" }, { "name": "FEDORA-2020-64d46a6e29", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/" }, { "name": "FEDORA-2020-16f9239805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/" }, { "name": "FEDORA-2020-b453269c4e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/" }, { "name": "USN-4345-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4345-1/" }, { "name": "USN-4342-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4342-1/" }, { "name": "https://security.netapp.com/advisory/ntap-20200608-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11884", "datePublished": "2020-04-29T12:07:37", "dateReserved": "2020-04-17T00:00:00", "dateUpdated": "2024-08-04T11:42:00.533Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10295
Vulnerability from cvelistv5
Published
2017-10-19 17:00
Modified
2024-10-04 16:54
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u161 Version: 7u151 Version: 8u144 Version: 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101384", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101384" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10295", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:45:32.040874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T16:54:34.588Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u161" }, { "status": "affected", "version": "7u151" }, { "status": "affected", "version": "8u144" }, { "status": "affected", "version": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } ], "datePublic": "2017-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)." } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-02T10:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:3047", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101384", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101384" }, { "name": "RHSA-2017:3264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10295", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u161" }, { "version_affected": "=", "version_value": "7u151" }, { "version_affected": "=", "version_value": "8u144" }, { "version_affected": "=", "version_value": "9; Java SE Embedded: 8u144; JRockit: R28.3.15" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:3047", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "name": "GLSA-201711-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-14" }, { "name": "DSA-4015", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4015" }, { "name": "RHSA-2017:3267", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "name": "RHSA-2017:2998", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "name": "RHSA-2017:3268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "RHSA-2017:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "name": "1039596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039596" }, { "name": "GLSA-201710-31", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-31" }, { "name": "101384", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101384" }, { "name": "RHSA-2017:3264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "name": "DSA-4048", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4048" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:3392", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "name": "[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "name": "https://security.netapp.com/advisory/ntap-20171019-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "name": "RHSA-2017:2999", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2999" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10295", "datePublished": "2017-10-19T17:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T16:54:34.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18683
Vulnerability from cvelistv5
Published
2019-11-04 15:36
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:38.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/" }, { "name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" }, { "name": "openSUSE-SU-2019:2675", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2020/Jan/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "name": "USN-4254-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4254-1/" }, { "name": "USN-4254-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4254-2/" }, { "name": "USN-4258-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4258-1/" }, { "name": "USN-4287-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4287-1/" }, { "name": "USN-4287-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4287-2/" }, { "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "name": "USN-4284-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4284-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-02T20:06:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/" }, { "name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" }, { "name": "openSUSE-SU-2019:2675", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2020/Jan/10" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "name": "USN-4254-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4254-1/" }, { "name": "USN-4254-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4254-2/" }, { "name": "USN-4258-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4258-1/" }, { "name": "USN-4287-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4287-1/" }, { "name": "USN-4287-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4287-2/" }, { "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "name": "USN-4284-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4284-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2019/11/02/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1" }, { "name": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/", "refsource": "MISC", "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/" }, { "name": "[oss-security] 20191105 Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1" }, { "name": "https://security.netapp.com/advisory/ntap-20191205-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" }, { "name": "openSUSE-SU-2019:2675", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "name": "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/10" }, { "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "name": "USN-4254-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4254-1/" }, { "name": "USN-4254-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4254-2/" }, { "name": "USN-4258-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4258-1/" }, { "name": "USN-4287-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4287-1/" }, { "name": "USN-4287-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4287-2/" }, { "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "name": "USN-4284-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4284-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18683", "datePublished": "2019-11-04T15:36:14", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-05T02:02:38.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-10108
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 19:03
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java |
Version: Java SE: 6u151 Version: 7u141 Version: 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:33:16.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "99846", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2017-10108", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-04T15:36:50.295752Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-04T19:03:24.833Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Java SE: 6u151" }, { "status": "affected", "version": "7u141" }, { "status": "affected", "version": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } ], "datePublic": "2017-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-16T13:57:02", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "RHSA-2017:1791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "99846", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2017-10108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java", "version": { "version_data": [ { "version_affected": "=", "version_value": "Java SE: 6u151" }, { "version_affected": "=", "version_value": "7u141" }, { "version_affected": "=", "version_value": "8u131; Java SE Embedded: 8u131; JRockit: R28.3.14" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "name": "RHSA-2017:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "name": "https://security.netapp.com/advisory/ntap-20170720-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "name": "RHSA-2017:1789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "name": "https://cert.vde.com/en-us/advisories/vde-2017-002", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "name": "RHSA-2017:2424", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "name": "1038931", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038931" }, { "name": "RHSA-2017:1792", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "name": "GLSA-201709-22", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-22" }, { "name": "DSA-3919", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3919" }, { "name": "RHSA-2017:2481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "name": "RHSA-2017:2530", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "name": "RHSA-2017:3453", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "name": "RHSA-2017:2469", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "name": "DSA-3954", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3954" }, { "name": "99846", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99846" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2017-10108", "datePublished": "2017-08-08T15:00:00", "dateReserved": "2017-06-21T00:00:00", "dateUpdated": "2024-10-04T19:03:24.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3136
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 00:51
Severity ?
EPSS score ?
Summary
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1095 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201708-01 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20180802-0002/ | x_refsource_CONFIRM | |
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us | x_refsource_CONFIRM | |
https://www.debian.org/security/2017/dsa-3854 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securitytracker.com/id/1038259 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/97653 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2017:1105 | vendor-advisory, x_refsource_REDHAT | |
https://kb.isc.org/docs/aa-01465 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html | vendor-advisory, x_refsource_SUSE |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2017:1095", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us" }, { "name": "DSA-3854", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "1038259", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038259" }, { "name": "97653", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97653" }, { "name": "RHSA-2017:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01465" }, { "name": "openSUSE-SU-2020:1699", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "name": "openSUSE-SU-2020:1701", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND 9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability." } ], "datePublic": "2017-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-20T11:06:37", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "RHSA-2017:1095", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "name": "GLSA-201708-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us" }, { "name": "DSA-3854", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "1038259", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038259" }, { "name": "97653", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97653" }, { "name": "RHSA-2017:1105", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01465" }, { "name": "openSUSE-SU-2020:1699", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "name": "openSUSE-SU-2020:1701", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" } ], "source": { "discovery": "UNKNOWN" }, "title": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\"", "workarounds": [ { "lang": "en", "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2017-03-12T00:00:00.000Z", "ID": "CVE-2017-3136", "STATE": "PUBLIC", "TITLE": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\"" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIND 9", "version": { "version_data": [ { "version_value": "9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use." } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2017:1095", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "name": "GLSA-201708-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-01" }, { "name": "https://security.netapp.com/advisory/ntap-20180802-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us" }, { "name": "DSA-3854", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3854" }, { "name": "1038259", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038259" }, { "name": "97653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97653" }, { "name": "RHSA-2017:1105", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "name": "https://kb.isc.org/docs/aa-01465", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01465" }, { "name": "openSUSE-SU-2020:1699", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "name": "openSUSE-SU-2020:1701", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" } ] }, "solution": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3136", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-17T00:51:35.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38160
Vulnerability from cvelistv5
Published
2021-08-07 03:31
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2021-38160 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2021/dsa-4978 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2021-38160" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "name": "DSA-4978", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4978" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-17T00:06:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2021-38160" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "name": "DSA-4978", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4978" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "name": "https://access.redhat.com/security/cve/cve-2021-38160", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2021-38160" }, { "name": "https://security.netapp.com/advisory/ntap-20210902-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "name": "DSA-4978", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4978" }, { "name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38160", "datePublished": "2021-08-07T03:31:12", "dateReserved": "2021-08-07T00:00:00", "dateUpdated": "2024-08-04T01:37:16.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38201
Vulnerability from cvelistv5
Published
2021-08-08 19:26
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
References
▼ | URL | Tags |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-02T08:06:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "name": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c" }, { "name": "https://security.netapp.com/advisory/ntap-20210902-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38201", "datePublished": "2021-08-08T19:26:54", "dateReserved": "2021-08-08T00:00:00", "dateUpdated": "2024-08-04T01:37:16.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32208
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:55.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1590071" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "Business Logic Errors (CWE-840)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1590071" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32208", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:55.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10090", "lastModified": "2024-11-21T03:05:20.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.803", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99706" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10107", "lastModified": "2024-11-21T03:05:23.353", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.490", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99719" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: JavaFX). Las versiones compatibles que se han visto afectadas son JavaSE: 7u141 y 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10114", "lastModified": "2024-11-21T03:05:24.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.740", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99726" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-21 22:15
Modified
2024-11-21 04:32
Severity ?
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
libssh2 | libssh2 | * | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.1 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | active_iq_unified_manager | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | solidfire | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0F2D0AA-AFDD-41A2-8172-EEB203227E5D", "versionEndIncluding": "1.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server." }, { "lang": "es", "value": "En libssh2 versi\u00f3n v1.9.0 y anteriores, la l\u00f3gica de la funci\u00f3n SSH_MSG_DISCONNECT en el archivo packet.c presenta un desbordamiento de enteros en una comprobaci\u00f3n de l\u00edmites, lo que permite a un atacante especificar un desplazamiento arbitrario (fuera de l\u00edmites) para una lectura de memoria posterior. Un servidor SSH dise\u00f1ado puede ser capaz de revelar informaci\u00f3n confidencial o causar una condici\u00f3n de denegaci\u00f3n de servicio en el sistema del cliente cuando un usuario conecta con el servidor." } ], "id": "CVE-2019-17498", "lastModified": "2024-11-21T04:32:22.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-21T22:15:10.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220909-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220909-0004/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-23 14:15
Modified
2024-11-21 07:10
Severity ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
haxx | curl | * | |
netapp | clustered_data_ontap | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
apple | macos | * | |
apple | macos | * | |
debian | debian_linux | 10.0 | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | 9.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7B9B38C-6728-408E-93C9-98C042DA9DD3", "versionEndExcluding": "7.85.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D13504E-ABCF-4E6F-8984-EADB123DFDD2", "versionEndExcluding": "11.7.3", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C71359B9-7DCE-4F45-B03F-77CF313A74EA", "versionEndExcluding": "12.6.3", "versionStartIncluding": "12.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings." }, { "lang": "es", "value": "Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando c\u00f3digos de control que cuando son enviados de vuelta a un servidor HTTP podr\u00edan hacer que el servidor devolviera respuestas 400. En efecto, permite que un \"sitio hermano\" deniegue el servicio a todos los hermanos." } ], "id": "CVE-2022-35252", "lastModified": "2024-11-21T07:10:58.650", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-23T14:15:12.323", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1613943" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213603" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1613943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213604" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.10 | |
isc | bind | 9.9.10 | |
isc | bind | 9.9.10 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.5 | |
isc | bind | 9.10.5 | |
isc | bind | 9.10.5 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.1 | |
isc | bind | 9.11.1 | |
isc | bind | 9.11.1 | |
netapp | data_ontap_edge | - | |
netapp | element_software | - | |
netapp | oncommand_balance | - | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "AECB4D34-0D20-46C5-A389-0296EF60E795", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "matchCriteriaId": "03215B90-9860-4CB4-B7D2-3DF045B129EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "matchCriteriaId": "88335D70-E98B-469E-A2E7-1958EB5F10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "matchCriteriaId": "795DA9EE-489D-402E-8427-C9E3650BA1E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "matchCriteriaId": "012A3C08-2A0F-4168-9DE0-F609707E4C2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "matchCriteriaId": "0387826C-AE6B-44C8-9888-4088CF66D78C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "matchCriteriaId": "7132A53F-7DF2-4B79-AC86-75A0C73843B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFF50431-599D-40DD-A2B3-30A6D5652FFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E76DCB3-8063-415D-A774-9191E69E6980", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "matchCriteriaId": "060E10B1-5501-4BD0-A148-B04C56D499F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "1CD813E5-0C4A-4B55-A1B9-9C5C6C2504D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "matchCriteriaId": "6658F26D-C088-4470-8AFD-58BB54201C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E654717-4EF6-4397-A637-A9789CD5D1D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9." }, { "lang": "es", "value": "named contiene una caracter\u00edstica que permite que los operadores env\u00ede comandos a un servidor en ejecuci\u00f3n comunic\u00e1ndose con el proceso del servidor mediante un canal de control utilizando un programa como rndc. Una regresi\u00f3n empleada en un cambio de caracter\u00edsticas reciente ha creado una situaci\u00f3n en la cual algunas versiones de named pueden cerrarse con un error de aserci\u00f3n de REQUIRE si se le env\u00eda una cadena de comandos null. Afecta a BIND desde la versi\u00f3n 9.9.9 hasta la 9.9.9-P7, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc2, desde la versi\u00f3n 9.10.4 hasta la 9.10.4-P7, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P4, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc2 y desde la versi\u00f3n 9.9.9-S1 hasta 9.9.9-S9." } ], "id": "CVE-2017-3138", "lastModified": "2024-11-21T03:24:54.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.407", "references": [ { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97657" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038260" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01471" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 4.3 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ], "id": "CVE-2017-10105", "lastModified": "2024-11-21T03:05:23.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.427", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99851" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-28 21:29
Modified
2024-11-21 04:42
Severity ?
Summary
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | advanced_package_tool | * | |
debian | advanced_package_tool | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | active_iq | - | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D2FC6D4-6A3E-448B-84F7-027BDAC1FEAF", "versionEndExcluding": "1.2.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E371D4-8F2B-41C2-A7CE-E5F93C72B8D6", "versionEndIncluding": "1.4.8", "versionStartIncluding": "1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF29713A-2852-4E3D-9666-4001C7E8B667", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine." }, { "lang": "es", "value": "El saneamiento incorrecto de un campo de redirecci\u00f3n 302 en el m\u00e9todo HTTP \"transport\" en apt, en versiones 1.4.8 y anteriores, puede conducir a la inyecci\u00f3n de contenido por parte de un atacante MITM, lo que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo en el equipo objetivo." } ], "id": "CVE-2019-3462", "lastModified": "2024-11-21T04:42:05.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-28T21:29:00.300", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106690" }, { "source": "security@debian.org", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190125-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3863-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4371" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C157D010-3A81-4AAE-8FB6-51B559AF29B2", "versionEndExcluding": "7.84.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors." }, { "lang": "es", "value": "curl versiones anteriores a 7.84.0, soporta algoritmos de compresi\u00f3n HTTP \"encadenados\", lo que significa que una respuesta al servidor puede ser comprimida m\u00faltiples veces y potencialmente con diferentes algoritmos. El n\u00famero de \"eslabones\" aceptables en esta \"cadena de descompresi\u00f3n\" era ilimitado, lo que permit\u00eda a un servidor malicioso insertar un n\u00famero pr\u00e1cticamente ilimitado de pasos de compresi\u00f3n. El uso de una cadena de descompresi\u00f3n de este tipo pod\u00eda resultar en una \"bomba de malloc\", haciendo que curl acabara gastando enormes cantidades de memoria de mont\u00f3n asignada, o intentando y devolviendo errores de memoria" } ], "id": "CVE-2022-32206", "lastModified": "2024-11-21T07:05:55.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-07T13:15:08.340", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1570651" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1570651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes JRockit y Java SE de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE, JRockit. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10347", "lastModified": "2024-11-21T03:05:58.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.060", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101382" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Networking). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10355", "lastModified": "2024-11-21T03:05:59.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.343", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101369" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-10 21:29
Modified
2024-11-21 04:01
Severity ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271", "versionEndIncluding": "5.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side." }, { "lang": "es", "value": "En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo \".\" o un nombre de archivo vac\u00edo. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente." } ], "id": "CVE-2018-20685", "lastModified": "2024-11-21T04:01:59.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-10T21:29:00.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/106531" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-53" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190215-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/106531" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197\u0026r2=1.198\u0026f=h" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-53" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190215-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 3.1 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10345", "lastModified": "2024-11-21T03:05:58.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:03.997", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101396" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red mediante m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada proporcionando datos a las API en los Componentes especificados sin emplear aplicaciones Java Web Start que no son de confianza o applets Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 9.0 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10102", "lastModified": "2024-11-21T03:05:22.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.320", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99712" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-16 02:15
Modified
2024-11-21 04:28
Severity ?
Summary
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
netapp | active_iq_performance_analytics_services | - | |
netapp | active_iq_unified_manager | * | |
netapp | data_availability_services | - | |
netapp | element_software | - | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A90662CD-A064-48C3-9A43-3B1AFCFAD2E9", "versionEndIncluding": "5.2.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor." }, { "lang": "es", "value": "El archivo drivers/net/wireless/ath/ath6kl/usb.c en el kernel de Linux versiones hasta 5.2.9 presenta una desreferencia del puntero NULL mediante una direcci\u00f3n incompleta en un descriptor de endpoint." } ], "id": "CVE-2019-15098", "lastModified": "2024-11-21T04:28:02.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-16T02:15:11.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "source": "cve@mitre.org", "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Nov/11" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K61214359" }, { "source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4184-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4185-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4186-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4186-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/09/27/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike%40gmail.com/T/#u" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Nov/11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K61214359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K61214359?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4184-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4185-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4186-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4186-2/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-19 09:29
Modified
2024-11-21 03:54
Severity ?
Summary
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | active_iq_performance_analytics_services | - | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACCD57BD-57A5-4BEA-A884-2A21E7B92EBA", "versionEndExcluding": "3.16.58", "versionStartIncluding": "3.16", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8AB84BB-69BD-43DB-9CE3-0381B1FC862C", "versionEndExcluding": "3.18.123", "versionStartIncluding": "3.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DE38E54-E821-4DB3-86DA-E6DCDD4361E0", "versionEndExcluding": "4.4.157", "versionStartIncluding": "3.19", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "139B519B-2681-4096-A1CE-2CF58E0CE274", "versionEndExcluding": "4.9.128", "versionStartIncluding": "4.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8C1C6C9-9654-4BB7-9908-EFC7BA9040E8", "versionEndExcluding": "4.14.71", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F765B15-BD3A-4C48-984C-05084867A943", "versionEndExcluding": "4.18.9", "versionStartIncluding": "4.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations." }, { "lang": "es", "value": "Se ha descubierto un problema en el kernel de Linux hasta la versi\u00f3n 4.18.8. La funci\u00f3n vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de n\u00fameros de secuencias. Un atacante puede desencadenar un uso de memoria previamente liberada (y posiblemente la obtenci\u00f3n de privilegios) mediante determinadas operaciones thread creation, map, unmap, invalidation y dereference." } ], "id": "CVE-2018-17182", "lastModified": "2024-11-21T03:54:02.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-19T09:29:00.620", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105417" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106503" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041748" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3656" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3777-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3777-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3777-3/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45497/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041748" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3776-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3776-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3777-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3777-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3777-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45497/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2018/09/18/4" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-25 15:15
Modified
2024-11-21 06:41
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_volumes_ontap_mediator | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | storagegrid | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2A2E0DA-9949-495C-AC30-A21F364D71E1", "versionEndIncluding": "4.19", "versionStartIncluding": "4.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", "matchCriteriaId": "280AA828-6FA9-4260-8EC1-019423B966E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF", "versionEndIncluding": "11.70.2", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients." }, { "lang": "es", "value": "Se ha detectado un problema en el Kernel de Linux de la 4.18 a 4.19, una actualizaci\u00f3n inapropiada de la referencia sock en el paso TCP puede conllevar a una p\u00e9rdida de memoria/netns, que puede ser usada por clientes remotos" } ], "id": "CVE-2022-1678", "lastModified": "2024-11-21T06:41:14.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@openanolis.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-25T15:15:07.887", "references": [ { "source": "security@openanolis.org", "tags": [ "Third Party Advisory" ], "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678" }, { "source": "security@openanolis.org", "tags": [ "Third Party Advisory" ], "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143" }, { "source": "security@openanolis.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61" }, { "source": "security@openanolis.org", "tags": [ "Permissions Required" ], "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b" }, { "source": "security@openanolis.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a" }, { "source": "security@openanolis.org", "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/" }, { "source": "security@openanolis.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://anas.openanolis.cn/cves/detail/CVE-2022-1678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0001/" } ], "sourceIdentifier": "security@openanolis.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-911" } ], "source": "security@openanolis.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:vmware_vsphere:*:*:*", "matchCriteriaId": "670A4C5C-8FB1-4B7C-9E05-ACF110E95CCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10087", "lastModified": "2024-11-21T03:05:20.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.710", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99703" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10348", "lastModified": "2024-11-21T03:05:58.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.093", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101354" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10346", "lastModified": "2024-11-21T03:05:58.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.030", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101315" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*", "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*", "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10074", "lastModified": "2024-11-21T03:05:18.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.287", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99731" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6E2D9-E137-498C-B175-1CA268B6E551", "versionEndIncluding": "9.11.1", "versionStartIncluding": "9.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A64173CC-F89B-4276-8E33-525CC89A22A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*", "matchCriteriaId": "96715BE6-F6C4-4A9E-85F2-4E53FE740776", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "30ACDFC4-CD8D-4B89-B6C8-8466174B3D76", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "matchCriteriaId": "82A6F259-EB06-4F31-9F68-A76F257756DC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-\u003e9.11.1, 9.9.10-S1, 9.10.5-S1." }, { "lang": "es", "value": "Si named est\u00e1 configurado para que emplee RPZ (Response Policy Zones), un error a a hora de procesar algunos tipos de regla puede conducir a una condici\u00f3n en la que BIND entrar\u00e1 en un bucle infinito al manejar una consulta. Afecta a BIND en la versi\u00f3n 9.9.10, 9.10.5, desde la versi\u00f3n 9.11.0 hasta la 9.11.1 y en las versiones 9.9.10-S1 y 9.10.5-S1." } ], "id": "CVE-2017-3140", "lastModified": "2024-11-21T03:24:55.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.457", "references": [ { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99088" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038692" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01495" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03772en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Las versiones compatibles que se han visto afectadas son Java SE: 8u144 y 9. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, as\u00ed como el acceso de lectura sin autorizaci\u00f3n de un subconjunto de datos accesibles de Java SE y la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 7.1 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." } ], "id": "CVE-2017-10309", "lastModified": "2024-11-21T03:05:52.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:02.733", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101328" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43103/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/43103/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10101", "lastModified": "2024-11-21T03:05:22.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.287", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99674" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-26 05:15
Modified
2024-11-21 04:02
Severity ?
Summary
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
netapp | active_iq_performance_analytics_services | - | |
netapp | active_iq_unified_manager | * | |
netapp | data_availability_services | - | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "92C6CD12-AE92-4AFB-91FA-F2A97F5537D8", "versionEndExcluding": "4.18.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux anterior a versi\u00f3n 4.18.7. En create_qp_common en archivo drivers/infiniband/hw/mlx5/qp.c, la funci\u00f3n mlx5_ib_create_qp_resp nunca fue inicializada, resultando en una p\u00e9rdida de memoria de pila en el espacio de usuario." } ], "id": "CVE-2018-20855", "lastModified": "2024-11-21T04:02:19.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-26T05:15:10.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son Java SE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 3.1 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." } ], "id": "CVE-2017-10193", "lastModified": "2024-11-21T03:05:36.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:05.740", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99854" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | element_software | - | |
netapp | hci_storage_node | - | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223", "versionEndExcluding": "5.13.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection." }, { "lang": "es", "value": "El archivo fs/nfs/nfs4client.c en el kernel de Linux versiones anteriores a 5.13.4, presenta un ordenamiento incorrecto de la configuraci\u00f3n de la conexi\u00f3n, que permite a operadores de servidores NFSv4 remotos causar una denegaci\u00f3n de servicio (cuelgue de montajes) al disponer de que esos servidores sean inalcanzables durante la detecci\u00f3n de trunking" } ], "id": "CVE-2021-38199", "lastModified": "2024-11-21T06:16:38.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-08T20:15:07.073", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4978" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-21 16:29
Modified
2024-11-21 03:53
Severity ?
Summary
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
netapp | active_iq_performance_analytics_services | - | |
netapp | element_software | - | |
opensuse | leap | 42.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "28EB12EC-3BC4-4DCC-9A6A-5F810F17E8FE", "versionEndExcluding": "4.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem." }, { "lang": "es", "value": "Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 4.8. La comprobaci\u00f3n de acceso incorrecta de montajes de overlayfs podr\u00eda ser empleada por los atacantes locales para modificar o truncar archivos en el sistema de archivos subyacente" } ], "id": "CVE-2018-16597", "lastModified": "2024-11-21T03:53:01.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-21T16:29:01.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105394" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" }, { "source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Jul/33" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K22691834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1106512" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jul/33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K22691834" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271", "versionEndIncluding": "5.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "271CACEB-10F5-4CA8-9C99-3274F18EE62D", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FFEE5C-5DAE-4FAD-9651-7983DE092120", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D6EF49-7094-41D9-BDF5-AE5846E37418", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6593DA00-EE33-4223-BEAE-8DC629E79287", "versionEndExcluding": "xcp2361", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67E048EC-4A4F-4F0A-B0B5-F234700293DA", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "665502CB-FCC8-4619-B673-408F7190252A", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "483F5457-7E06-46F3-A808-194289B98AFF", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5644E3E-941A-429A-9AFB-C1023659C1C2", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C1318DD-6AF4-490D-A4AE-079BA544EF8F", "versionEndExcluding": "xcp3070", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c." }, { "lang": "es", "value": "Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the-Middle) puede emplear nombres de objeto manipulados para manipular la salida del cliente, por ejemplo, empleando c\u00f3digos de control de ANSI para ocultar los archivos adicionales que se est\u00e1n transfiriendo. Esto afecta a refresh_progress_meter() en progressmeter.c." } ], "id": "CVE-2019-6109", "lastModified": "2024-11-21T04:45:57.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-31T18:29:00.710", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3885-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BCD9327-F097-49B8-BEFF-07785EE8BB6D", "versionEndIncluding": "9.8.8", "versionStartIncluding": "9.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "4418EDD7-AC58-48A3-BE65-273C0E8222E3", "versionEndIncluding": "9.9.9", "versionStartIncluding": "9.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1DE78F6-B88E-44A7-BECD-B78B7E9052C1", "versionEndIncluding": "9.10.4", "versionStartIncluding": "9.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*", "matchCriteriaId": "25855A5C-302F-4A82-AEC1-8C4C9CB70362", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "matchCriteriaId": "86C1A668-D648-4E72-876B-E72D341003D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*", "matchCriteriaId": "0CFD0CE9-FE4D-4FB3-9486-36FA1A4FADF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*", "matchCriteriaId": "E134536A-0F48-4F54-8399-5EF4C09BFF85", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*", "matchCriteriaId": "63C9ED44-1207-4BE6-B5BB-56D198DC0C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*", "matchCriteriaId": "561BF14D-8D6A-4DDB-82BB-6B8EBF34C326", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*", "matchCriteriaId": "931DBFCE-F071-490F-867F-52A150DBD245", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A7BE793-7717-4019-8F50-158C309E48B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "matchCriteriaId": "FCC182A9-5989-4A87-A3BA-F1CFAEDC95E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "CE6ED392-74B9-487E-83B0-ECAAEEAB3AB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -\u003e 9.8.8-P1, 9.9.0 -\u003e 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.0 -\u003e 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0 -\u003e 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, 9.9.3-S1 -\u003e 9.9.9-S8." }, { "lang": "es", "value": "Una consulta con un conjunto determinado de caracter\u00edsticas podr\u00eda provocar que un servidor que emplea DNS64 se encuentre con un fallo de aserci\u00f3n y termine. Un atacante podr\u00eda construir deliberadamente una consulta, habilitando una denegaci\u00f3n de servicio (DoS) contra un servidor si est\u00e1 configurado para emplear la caracter\u00edstica DNS64 y se cumplen otras precondiciones. Afecta a BIND desde la versi\u00f3n 9.8.0 hasta la9.8.8-P1, desde la versi\u00f3n 9.9.0 hasta la 9.9.9-P6, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc1, desde la versi\u00f3n 9.10.0 hasta la 9.10.4-P6, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc1, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P3, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc1 y desde la versi\u00f3n 9.9.3-S1 hasta 9.9.9-S8." } ], "id": "CVE-2017-3136", "lastModified": "2024-11-21T03:24:54.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.313", "references": [ { "source": "security-officer@isc.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "source": "security-officer@isc.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97653" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038259" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01465" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01465" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). La versi\u00f3n compatible afectada es Java SE: 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10111", "lastModified": "2024-11-21T03:05:24.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.647", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99707" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*", "matchCriteriaId": "0FE9D5AE-65D4-4744-9789-09AE3B1F4BAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1-\u003e9.9.10rc1, 9.10.4-P6, 9.10.5b1-\u003e9.10.5rc1, 9.11.0-P3, 9.11.1b1-\u003e9.11.1rc1, and 9.9.9-S8." }, { "lang": "es", "value": "Las asunciones equivocadas sobre el orden de los registros en la secci\u00f3n de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podr\u00eda conducir a una situaci\u00f3n en la que named se cerrar\u00eda con un fallo de aserci\u00f3n al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc1, la versi\u00f3n 9.10.4-P6, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc1, la versi\u00f3n 9.11.0-P3, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc1 y en la versi\u00f3n 9.9.9-S8." } ], "id": "CVE-2017-3137", "lastModified": "2024-11-21T03:24:54.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.377", "references": [ { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97651" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038258" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040195" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01466" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*", "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*", "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar con acceso a red por HTTP comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que s\u00f3lo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 4.3 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ], "id": "CVE-2017-10081", "lastModified": "2024-11-21T03:05:19.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.523", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99853" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-23 14:29
Modified
2024-11-21 04:16
Severity ?
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | activemq | 5.15.9 | |
apache | drill | 1.16.0 | |
apache | zookeeper | * | |
apache | zookeeper | 3.5.0 | |
apache | zookeeper | 3.5.0 | |
apache | zookeeper | 3.5.0 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.1 | |
apache | zookeeper | 3.5.2 | |
apache | zookeeper | 3.5.2 | |
apache | zookeeper | 3.5.2 | |
apache | zookeeper | 3.5.2 | |
apache | zookeeper | 3.5.3 | |
apache | zookeeper | 3.5.3 | |
apache | zookeeper | 3.5.3 | |
apache | zookeeper | 3.5.3 | |
apache | zookeeper | 3.5.4 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
redhat | fuse | 1.0.0 | |
oracle | goldengate_stream_analytics | * | |
oracle | siebel_core_-_server_framework | * | |
oracle | timesten_in-memory_database | * | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "235DC57F-22B8-4219-9499-7D005D90A654", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", "matchCriteriaId": "19FD698D-914D-46C3-810B-F749CD0C0DE8", "versionEndIncluding": "3.4.13", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "3B1074FD-02DC-4CDC-A8F2-4CE0827539B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "2F0F84E2-88CE-4350-B342-DA761D43682E", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "ACB3229A-F1BA-4AA7-916A-9061BE561AD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*", "matchCriteriaId": "0E5C9D62-F9A2-4961-8440-9DF6F5C213D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "A0C88D5A-86CD-41D3-B453-6060482E84E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "24BEEE1F-5408-43F8-B662-B826349E97D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "4031DB88-F356-458F-BC77-91B62744A466", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "AB019BEC-6C42-4A51-9C45-389B6529CE96", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "107E465A-A904-4198-8171-3D764B9F1C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "D5DE5D25-B8A9-4172-80FF-D430D47AE96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*", "matchCriteriaId": "3E2EB460-5B43-42E3-98AF-FB08B0C94957", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "9C89705C-D40E-4C7D-A019-809D32AC1A98", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*", "matchCriteriaId": "738C3017-324B-46AB-8D71-5202E31DBC97", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "39BE8DA0-6839-4E59-838F-E0D6A4F96D3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*", "matchCriteriaId": "09C66E38-BDA9-42A6-8DBE-4E8781AE8394", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*", "matchCriteriaId": "81C99F52-0D85-41C8-A0DA-CE29C917ADDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*", "matchCriteriaId": "9B94B4B9-2B39-4879-BC68-2E4DEC57650D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "3E6AADAF-368B-4143-AE49-736A4101D732", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*", "matchCriteriaId": "C392B5BC-1B19-49CB-B43F-D485EC4DC094", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F31D7E8-D31D-4268-9ABF-3733915AA226", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4", "versionEndExcluding": "19.1.0.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD", "versionEndIncluding": "21.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CFFA207-BDA9-4088-890E-99D9A30421D8", "versionEndExcluding": "18.1.3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper\u2019s getACL() command doesn\u2019t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users." }, { "lang": "es", "value": "Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. El comando getACL () de ZooKeeper no verifica ning\u00fan permiso cuando recupera las ACL del nodo solicitado y devuelve toda la informaci\u00f3n contenida en el campo Id. De ACL como cadena de texto sin formato. DigestAuthenticationProvider sobrecarga el campo Id con el valor hash que se utiliza para la autenticaci\u00f3n del usuario. Como consecuencia, si la autenticaci\u00f3n impl\u00edcita est\u00e1 en uso, el valor hash sin sal ser\u00e1 revelado por la solicitud getACL () para usuarios no autenticados o no privilegiados." } ], "id": "CVE-2019-0201", "lastModified": "2024-11-21T04:16:28.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-23T14:29:07.517", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108427" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "source": "security@apache.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jun/13" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190619-0001/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4461" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "security@apache.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108427" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/ZOOKEEPER-1392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Jun/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190619-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4461" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://zookeeper.apache.org/security.html#CVE-2019-0201" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
cve@mitre.org | https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | element_software | - | |
netapp | hci_storage_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223", "versionEndExcluding": "5.13.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info." }, { "lang": "es", "value": "btrfs en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes causar una denegaci\u00f3n de servicio (bloqueo) por medio de procesos que desencadenan la asignaci\u00f3n de nuevos trozos del sistema durante los momentos en que hay una escasez de espacio libre en el space_info del sistema" } ], "id": "CVE-2021-38203", "lastModified": "2024-11-21T06:16:39.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-08T20:15:07.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-667" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*", "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*", "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Scripting). La versi\u00f3n compatible afectada es Java SE: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga acceso a red por HTTP comprometa la seguridad de Java SE. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos confidenciales o de todos los datos accesibles de Java SE, as\u00ed como el acceso sin autorizaci\u00f3n a datos de un nivel de importancia cr\u00edtico o todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 8.1 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } ], "id": "CVE-2017-10078", "lastModified": "2024-11-21T03:05:18.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.427", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99752" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99752" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-01 14:29
Modified
2024-11-21 04:10
Severity ?
Summary
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "495E9424-0BBA-4820-B793-031DDAC80417", "versionEndIncluding": "2.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "404A4EE8-6572-4B35-8C6A-A3CB8F1308A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "17C9CFFB-0F3A-4E59-B6C9-9C8A20BB9B91", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E11C65C3-1B17-4362-A99C-59583081A24D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E63EEA7-05AB-4B1C-9061-AF357566DCDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:*:*:*", "matchCriteriaId": "E82538D3-D912-4943-AFFB-34B8EBB33C6A", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*", "matchCriteriaId": "C57F75D8-DF7A-49D1-BB27-FF21661107B3", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider:6.x:*:*:*:*:clustered_data_ontap:*:*", "matchCriteriaId": "DFA159F3-FFE5-4488-9547-8649F285C0C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1D07062-AA59-49D9-9F27-F2024B873266", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption." }, { "lang": "es", "value": "Un desbordamiento de enteros en la implementaci\u00f3n de posix_memalign en las funciones memalign en GNU C Library (tambi\u00e9n conocido como glibc o libc6) en versiones 2.26 y anteriores podr\u00eda provocar que estas funciones devuelvan un puntero a un \u00e1rea de la memoria din\u00e1mica (heap) demasiado peque\u00f1a, pudiendo corromper el heap." } ], "id": "CVE-2018-6485", "lastModified": "2024-11-21T04:10:45.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-01T14:29:00.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://bugs.debian.org/878159" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102912" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3092" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190404-0003/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4218-1/" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4416-1/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "http://bugs.debian.org/878159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190404-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22343" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4218-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4416-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
haxx | curl | * | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
netapp | clustered_data_ontap | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | hci_compute_node | - | |
netapp | bootstrap_os | - | |
netapp | h300s | - | |
netapp | h300s_firmware | - | |
netapp | h500s | - | |
netapp | h500s_firmware | - | |
netapp | h700s | - | |
netapp | h700s_firmware | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
apple | macos | * | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | 9.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1F67AD5-9AB1-490D-B2A2-383B6A5066FB", "versionEndExcluding": "7.84.0", "versionStartIncluding": "7.16.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC", "versionEndExcluding": "13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client." }, { "lang": "es", "value": "Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificaci\u00f3n de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente" } ], "id": "CVE-2022-32208", "lastModified": "2024-11-21T07:05:55.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-07T13:15:08.467", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1590071" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1590071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-840" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Las versiones compatibles que se han visto afectadas son Java SE: 7u141 y 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite el acceso f\u00edsico, lo que compromete la seguridad de Java SE. Aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Se aplica a la implementaci\u00f3n de Java cuando Java Auto Update est\u00e1 habilitado. CVSS 3.0 Base Score 7.1 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10125", "lastModified": "2024-11-21T03:05:26.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:04.087", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99809" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-09 07:15
Modified
2024-11-21 07:28
Severity ?
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
python | python | * | |
python | python | * | |
python | python | * | |
python | python | * | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
python | python | 3.11.0 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 | |
netapp | active_iq_unified_manager | - | |
netapp | active_iq_unified_manager | - | |
netapp | e-series_performance_analyzer | - | |
netapp | element_software | - | |
netapp | hci | - | |
netapp | management_services_for_element_software | - | |
netapp | ontap_select_deploy_administration_utility | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "20A23D09-CFA7-4028-A5E9-7AD784C2B9D8", "versionEndIncluding": "3.7.15", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E43ADF1-EABE-45A4-96BE-F1E018ADAEE3", "versionEndIncluding": "3.8.15", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FB09E1E-A9D2-494E-9481-1BBA00D3CFEC", "versionEndIncluding": "3.9.15", "versionStartIncluding": "3.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "2415C537-F33F-496E-BD1C-65887C29FA0B", "versionEndIncluding": "3.10.8", "versionStartIncluding": "3.10.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:-:*:*:*:*:*:*", "matchCriteriaId": "E533460B-E5D6-4C30-A36B-15E2DDF4121C", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:python:python:3.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "03591292-46A3-4F6C-9DC6-4C7BFC4C8743", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Python antes de la versi\u00f3n 3.11.1. Existe un algoritmo cuadr\u00e1tico innecesario en una ruta cuando se procesan algunas entradas al decodificador IDNA (RFC 3490), de modo que un nombre elaborado e irrazonablemente largo que se presente al decodificador podr\u00eda provocar una denegaci\u00f3n de servicio de la CPU. Los nombres de host suelen ser proporcionados por servidores remotos que podr\u00edan estar controlados por un actor malicioso; en tal escenario, podr\u00edan desencadenar un consumo excesivo de CPU en el cliente que intenta hacer uso de un supuesto nombre de host proporcionado por el atacante. Por ejemplo, el payload del ataque podr\u00eda colocarse en el encabezado Ubicaci\u00f3n de una respuesta HTTP con el c\u00f3digo de estado 302. Est\u00e1 prevista una soluci\u00f3n en 3.11.1, 3.10.9, 3.9.16, 3.8.16 y 3.7.16." } ], "id": "CVE-2022-45061", "lastModified": "2024-11-21T07:28:42.067", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-09T07:15:09.887", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/python/cpython/issues/98433" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/python/cpython/issues/98433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202305-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-407" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-04 13:15
Modified
2024-11-21 05:01
Severity ?
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F", "versionEndExcluding": "4.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB8D7864-41B0-443E-96CF-B011B95223F0", "versionEndExcluding": "4.3.100", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*", "matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*", "matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*", "matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE", "versionEndExcluding": "xcp2410", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6", "versionEndExcluding": "xcp2410", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E", "versionEndExcluding": "xcp2410", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED", "versionEndExcluding": "xcp2410", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886", "versionEndExcluding": "xcp2410", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608", "versionEndExcluding": "xcp2410", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760", "versionEndExcluding": "xcp3110", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B", "versionEndExcluding": "xcp3110", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372", "versionEndExcluding": "xcp3110", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B", "versionEndExcluding": "xcp3110", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD", "versionEndExcluding": "xcp3110", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance." }, { "lang": "es", "value": "ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida del demonio o cambio de hora del sistema) mediante la predicci\u00f3n de las marcas de tiempo de transmisi\u00f3n para su uso en paquetes falsificados. La v\u00edctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la v\u00edctima" } ], "id": "CVE-2020-13817", "lastModified": "2024-11-21T05:01:55.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "cve@mitre.org", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-04T13:15:11.053", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3596" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.ntp.org/show_bug.cgi?id=3596" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-12" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200625-0004/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.ntp.org/show_bug.cgi?id=3596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202007-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200625-0004/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-10 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E054BED-0DA0-4966-8B7F-E7DDFAAF892F", "versionEndIncluding": "1.1.33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*", "matchCriteriaId": "8594A5FB-33D0-422E-8F32-16ECF08DB45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF", "versionEndIncluding": "11.70.2", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." }, { "lang": "es", "value": "libxslt hasta la versi\u00f3n 1.1.33 permite omitir los mecanismos de protecci\u00f3n debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso despu\u00e9s de recibir el c\u00f3digo de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inv\u00e1lida y que se carga posteriormente." } ], "id": "CVE-2019-11068", "lastModified": "2024-11-21T04:20:28.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-10T20:29:01.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3947-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:37
Severity ?
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | 5.15 | |
linux | linux_kernel | 5.15 | |
linux | linux_kernel | 5.15 | |
linux | linux_kernel | 5.15 | |
netapp | active_iq_unified_manager | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | a700s_firmware | - | |
netapp | a700s | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
oracle | communications_cloud_native_core_binding_support_function | 22.1.3 | |
oracle | communications_cloud_native_core_network_exposure_function | 22.1.1 | |
oracle | communications_cloud_native_core_policy | 22.2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4", "versionEndExcluding": "5.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", "matchCriteriaId": "40D9C0D1-0F32-4A2B-9840-1072F5497540", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C5DA53D-744B-4087-AEA9-257F18949E4D", "versionEndIncluding": "11.70.2", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information." }, { "lang": "es", "value": "Se ha encontrado un fallo de lectura de uso de memoria previamente liberada en la funci\u00f3n sock_getsockopt() en el archivo net/core/sock.c debido a la carrera de SO_PEERCRED y SO_PEERGROUPS con listen() (y connect()) en el kernel de Linux. En este fallo, un atacante con privilegios de usuario puede bloquear el sistema o filtrar informaci\u00f3n interna del kernel" } ], "id": "CVE-2021-4203", "lastModified": "2024-11-21T06:37:08.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-25T19:15:09.833", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814" }, { "source": "secalert@redhat.com", "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0003/" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221111-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-362" }, { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Javadoc). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, as\u00ed como el acceso de lectura sin autorizaci\u00f3n a un subconjunto de datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.1 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "id": "CVE-2017-10293", "lastModified": "2024-11-21T03:05:50.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:02.343", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101338" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-27 23:29
Modified
2024-11-21 04:36
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC", "versionEndExcluding": "1.0.2r", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E878102-1EA0-4D83-9F36-955DCF902211", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "EB2FB857-5F1F-46E5-A90C-AFB990BF1660", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", "matchCriteriaId": "F74F467A-0C81-40D9-BA06-40FB8EF02C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC", "versionEndIncluding": "9.0.4", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "706316DC-8C24-4D9E-B7B4-F62CB52106B8", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "830028B5-9BAF-439C-8166-1053C0CB9836", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "22C64069-68D1-445F-B20D-FD1FF8DB0F71", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D87C038-B96D-4EA8-AB03-0401B2C9BB24", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "01BC2A57-030F-4A13-B584-BE2627EA3FE7", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "037C035C-9CFC-4224-8264-6132252D11FD", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD91F1A1-67F5-4547-848B-21664A9CC685", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "10367A28-787A-4FAB-80AD-ADD67A751732", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "46712630-407A-4E61-B62F-3AB156353A1D", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "21E18EA5-2210-41B1-87B0-55AB16514FE2", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D0BD10F-735D-4442-828B-0B90207ABEAD", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB033-AE0F-46A0-8E98-3A6AE36EADAE", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC06609D-C362-4214-8487-2278161B5EAD", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "2008DD47-CC1D-430F-8478-E90617F5F998", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC39F6EE-478A-4638-B97D-3C25FD318F3D", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "317C50A2-FE92-4C78-A94A-062274E6A6A8", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "389B6330-3041-4892-97D5-B5A6D9CE1487", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C556587-6963-49CF-8A2B-00431B386D78", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D748001D-340C-45C4-A2D0-0575538C5CEC", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "572B1078-60C4-4A71-A0F4-2E2F4FBC4102", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0371EB7C-3D41-4B8C-8FA9-DC6F42442448", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB7588DA-75D3-4374-8871-D92E95509C91", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C95403E8-A078-47E8-9B2F-F572D24C79EF", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0585424E-3F74-400E-8199-ED964317F89F", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7722F39-9B7E-4267-B757-B9570B039323", "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A", "versionEndIncluding": "7.1.0", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "427DA624-2397-4A61-A2ED-23F5C22C174E", "versionEndIncluding": "8.2.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", "matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", "matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE", "versionEndIncluding": "5.6.4", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*", "matchCriteriaId": "02630E85-191E-4C58-B81B-4DAF93A26856", "versionEndExcluding": "6.0.0", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "65D5476E-FBF9-474B-87E1-B6459E52736C", "versionEndExcluding": "3.0.0", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDD5E877-978C-4A16-B6C5-41A30D020B54", "versionEndExcluding": "9.0.0", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E0F04157-FB34-4F22-B328-6BE1F2373DEE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8EDA23C-7F75-4712-AF3F-B0E3597810B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "5D139E52-0528-4D05-8502-1AB9AB10CA9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B59717B5-34D5-4C83-904A-884ED30DFC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "4E28B437-64A8-456C-98A1-4ADF5B6A2F60", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2D705705-0D0D-468B-A140-C9A1B7A6CE6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB290045-2140-47EE-9BB4-35BAE8F1599C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*", "matchCriteriaId": "83800E2F-804C-485D-A8FA-F4B32CDB4548", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "60BEB1C6-C279-4BB0-972C-BE28A6605C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9", "versionEndIncluding": "5.6.43", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA988288-7D0C-4ADE-BE61-484D2D555A8A", "versionEndIncluding": "5.7.25", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408", "versionEndIncluding": "8.0.15", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFBC7A65-3C0B-4B17-B087-250E69EE5B12", "versionEndIncluding": "4.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "A443D73A-63BE-4D1F-B605-0F7D20915518", "versionEndIncluding": "8.0.14", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "71CD99E7-3FE7-42E2-B480-7AA0E543340E", "versionEndIncluding": "8.0.16", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*", "matchCriteriaId": "62DAD71E-A6D5-4CA9-A016-100F2D5114A6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F457852F-D998-4BCF-99FE-09C6DFC8851A", "versionEndExcluding": "7.1.15", "versionStartIncluding": "7.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACA311D7-0ADC-497A-8A47-5AB864F201DE", "versionEndExcluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500", "versionEndExcluding": "8.1.8", "versionStartIncluding": "8.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1987BB-8F42-48F0-8FE2-70ABD689F434", "versionEndExcluding": "9.0.2", "versionStartIncluding": "9.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4", "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36", "versionEndExcluding": "6.17.0", "versionStartIncluding": "6.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5", "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "A94F4836-1873-43F4-916E-9D9B302A053A", "versionEndExcluding": "8.15.1", "versionStartIncluding": "8.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)." }, { "lang": "es", "value": "Si una aplicaci\u00f3n encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido." } ], "id": "CVE-2019-1559", "lastModified": "2024-11-21T04:36:48.960", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-27T23:29:00.277", "references": [ { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107174" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2471" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { "source": "openssl-security@openssl.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K18549143" }, { "source": "openssl-security@openssl.org", "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3899-1/" }, { "source": "openssl-security@openssl.org", "tags": [ "Broken Link" ], "url": "https://usn.ubuntu.com/4376-2/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4400" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2019-02" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2019-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107174" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K18549143" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3899-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://usn.ubuntu.com/4376-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2019-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2019-03" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*", "matchCriteriaId": "C57F75D8-DF7A-49D1-BB27-FF21661107B3", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider:6.0:*:*:*:*:clustered_data_ontap:*:*", "matchCriteriaId": "74118415-7E65-4D4B-A5E8-51D17CE5B6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*", "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*", "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: 2D). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones en sandbox Java Web Start y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10053", "lastModified": "2024-11-21T03:05:15.323", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:01.773", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99842" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-04 16:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
opensuse | leap | 15.1 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | data_availability_services | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
broadcom | fabric_operating_system | - | |
netapp | a700s_firmware | - | |
netapp | a700s | - | |
netapp | 8300_firmware | - | |
netapp | 8300 | - | |
netapp | 8700_firmware | - | |
netapp | 8700 | - | |
netapp | a400_firmware | - | |
netapp | a400 | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2342E0A5-8C6E-4EC6-8BC5-418E3F975B9D", "versionEndExcluding": "4.4.204", "versionStartIncluding": "3.18", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED947B00-B3CA-41BF-95D0-122D37F5B7BD", "versionEndExcluding": "4.9.204", "versionStartIncluding": "4.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4469430-6F48-41B8-AEDF-8B4E6E8AC03B", "versionEndExcluding": "4.14.157", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67C4C528-B25B-4D52-8A88-5052932CEEDF", "versionEndExcluding": "4.19.87", "versionStartIncluding": "4.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A13B4BB5-9419-4DE5-AA55-3BEBC16095D6", "versionEndExcluding": "5.3.14", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2217A93-CE4C-44EE-B62F-3697614E9F5E", "versionEndExcluding": "5.4.1", "versionStartIncluding": "5.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "046FB51E-B768-44D3-AEB5-D857145CA840", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*", "matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el archivo drivers/media/platform/vivid en el kernel de Linux versiones hasta 5.3.8. Esto es explotable para una escalada de privilegios en algunas distribuciones de Linux donde los usuarios locales tienen acceso a /dev/video0, pero solo si el controlador ha sido cargado. Se presenta varias condiciones de carrera durante la detenci\u00f3n de la transmisi\u00f3n en este controlador (parte del subsistema V4L2). Estos problemas son causados ??por el bloqueo de mutex incorrecto en las funciones vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming() y los kthreads correspondientes. Al menos una de estas condiciones de carrera conlleva a un uso de la memoria previamente liberada." } ], "id": "CVE-2019-18683", "lastModified": "2024-11-21T04:33:31.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-04T16:15:11.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/10" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4254-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4254-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4258-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4284-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4287-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4287-2/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/05/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2020/Jan/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4254-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4254-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4258-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4284-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4287-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4287-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2019/11/02/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" }, { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-11 19:29
Modified
2024-11-21 03:53
Severity ?
Summary
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "026806D8-B8D6-4C1C-8E1F-32096D38C937", "versionEndIncluding": "239", "versionStartIncluding": "221", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD53FA62-3E99-4D0B-8C62-4517F5CB8DE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "35A9FD70-E9CA-43AF-A453-E41EAB430E7F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\\(structure_a\\):7_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "6207D51C-883B-4B65-B9BF-408197839BE5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B7614783-C95A-4CBC-81D9-21A044001B6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "83D5DE4F-4616-488D-ABA8-FD608784237E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "656C4506-ECDD-44D7-BFC7-35B1A3E33DF2", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "C81C5D4E-3CAD-43CE-82BC-B0619CA3A74A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "57B5CF5A-D48E-4AD0-91E2-F5BDD44B7A66", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8C7E9628-0915-4C49-8929-F5E060A20CBB", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C450C83-695F-4408-8B4F-0E7D6DDAE345", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \u0027:\u0027. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable." }, { "lang": "es", "value": "Se ha descubierto una lectura fuera de l\u00edmites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos \":\". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. Son vulnerables las versiones desde la v221 hasta la v239." } ], "id": "CVE-2018-16866", "lastModified": "2024-11-21T03:53:28.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-11T19:29:00.233", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/May/21" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106527" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3222" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0593" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/25" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-07" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3855-1/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4367" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/May/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/05/10/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2020:0593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/May/25" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190117-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3855-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.qualys.com/2019/01/09/system-down/system-down.txt" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-200" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son Java SE: 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "id": "CVE-2017-10118", "lastModified": "2024-11-21T03:05:25.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.880", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99782" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-22 19:29
Modified
2024-11-21 03:45
Severity ?
Summary
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AC29420-F772-43D0-89AE-2071F4838B2E", "versionEndIncluding": "9.4.8", "versionStartIncluding": "9.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:*:*:*", "matchCriteriaId": "20B49859-49F0-439B-AEF8-79EF71DA0D73", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B80C9D-62AA-42FA-AB46-F8A414FCBE5E", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:*:*:*", "matchCriteriaId": "912520F1-3717-457F-9F05-88BDAB3E5DF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore." }, { "lang": "es", "value": "En Eclipse Jetty, desde la versi\u00f3n 9.4.0 hasta la 9.4.8, al emplear el FileSessionDataStore opcional provisto por Jetty para el almacenamiento persistente de detalles HttpSession, es posible que un usuario malicioso acceda/secuestre otras HttpSessions e incluso elimine HttpSessions sin coincidencias presentes en el almacenamiento FileSystem para FileSessionDataStore." } ], "id": "CVE-2018-12538", "lastModified": "2024-11-21T03:45:23.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-22T19:29:00.220", "references": [ { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041194" }, { "source": "emo@eclipse.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "source": "emo@eclipse.org", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "emo@eclipse.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-6" } ], "source": "emo@eclipse.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-384" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-24 00:29
Modified
2024-11-21 04:50
Severity ?
Summary
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | binutils | 2.32 | |
netapp | element_software | - | |
canonical | ubuntu_linux | 18.04 | |
f5 | traffix_signaling_delivery_controller | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "8A276274-BE53-4BC8-B3E4-3DF151E5FC7D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section." }, { "lang": "es", "value": "Se ha descubierto un problema en GNU Binutils 2.32. Es un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en process_mips_specific en readelf.c mediante una secci\u00f3n de opci\u00f3n MIPS mal formada." } ], "id": "CVE-2019-9077", "lastModified": "2024-11-21T04:50:56.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-24T00:29:00.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107139" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202107-24" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190314-0003/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K00056379" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4336-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202107-24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190314-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K00056379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4336-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:22
Severity ?
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
netapp | active_iq_unified_manager | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "037A6DFB-B41D-4CC7-86C1-A201809B79C4", "versionEndExcluding": "5.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality." }, { "lang": "es", "value": "Se observ\u00f3 un problema de carrera en el la funci\u00f3n vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de l\u00edmites en vt ya que el acceso de escritura a vc_mode no est\u00e1 protegido por el bloqueo de vt_ioctl (KDSETMDE). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos" } ], "id": "CVE-2021-3753", "lastModified": "2024-11-21T06:22:20.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-16T19:15:08.647", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0003/" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20221028-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2021/09/01/4" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | hci_compute_node_firmware | - | |
netapp | hci_compute_node | - | |
netapp | a700s_firmware | - | |
netapp | a700s | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h610c_firmware | - | |
netapp | h610c | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - | |
netapp | h615c_firmware | - | |
netapp | h615c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "816D2241-78E2-4919-9B29-C2CF0F6BDB67", "versionEndExcluding": "5.4.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux versiones anteriores a 5.4.17. El archivo drivers/spi/spi-dw.c, permite a atacantes causar un p\u00e1nico por medio de llamadas concurrentes a las funciones dw_spi_irq y dw_spi_transfer_one, tambi\u00e9n se conoce como CID-19b61392c5a8." } ], "id": "CVE-2020-12769", "lastModified": "2024-11-21T05:00:15.053", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-09T21:15:11.100", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Patch", "Technical Description" ], "url": "https://lkml.org/lkml/2020/2/3/559" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4391-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Patch", "Technical Description" ], "url": "https://lkml.org/lkml/2020/2/3/559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4391-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-662" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10349", "lastModified": "2024-11-21T03:05:58.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.140", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101348" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
cve@mitre.org | https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | element_software | - | |
netapp | hci_storage_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "899BD8D1-E0DF-40D5-AE89-966542B4F09E", "versionEndExcluding": "5.12.19", "versionStartIncluding": "5.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C97AEB3-19D7-4AD5-AE45-466EC5444F87", "versionEndExcluding": "5.13.4", "versionStartIncluding": "5.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations." }, { "lang": "es", "value": "El archivo net/sunrpc/xdr.c en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (acceso fuera de los l\u00edmites de xdr_set_page_base) al llevar a cabo muchas operaciones NFS 4.2 READ_PLUS" } ], "id": "CVE-2021-38201", "lastModified": "2024-11-21T06:16:38.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-08T20:15:07.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: ImageIO). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10089", "lastModified": "2024-11-21T03:05:20.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.773", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99659" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99659" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Networking). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de algunos de los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 4.0 (impactos en la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)." } ], "id": "CVE-2017-10295", "lastModified": "2024-11-21T03:05:51.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:02.420", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101384" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10." }, { "lang": "es", "value": "el m\u00e9todo ctl_getitem en ntpd en ntp, en versiones 4.2.8p6 anteriores a la 4.2.8p11 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) mediante un paquete mode 6 manipulado con una instancia ntpd desde la versi\u00f3n 4.2.8p6 hasta la 4.2.8p10." } ], "id": "CVE-2018-7182", "lastModified": "2024-11-21T04:11:44.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-06T20:29:01.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3412" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103191" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "source": "cve@mitre.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45846/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45846/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vsphere:*:*", "matchCriteriaId": "A692982A-DED0-42C8-BC5B-F25314309F4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10108", "lastModified": "2024-11-21T03:05:23.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.553", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99846" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-21 15:15
Modified
2024-11-21 07:00
Severity ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B6EB2C-EF9B-44AF-B083-BF59B8107801", "versionEndExcluding": "1.0.2zf", "versionStartIncluding": "1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EAA5CAF-1DE6-4730-9E07-9E6594A5D6BF", "versionEndExcluding": "1.1.1p", "versionStartIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4188DBDA-354F-4939-904D-0A9F8A8AB703", "versionEndExcluding": "3.0.4", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", "versionEndExcluding": "1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "759D1A24-B23B-404E-AD39-F18D7DBAD501", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*", "matchCriteriaId": "80774A35-B0B8-4F9C-99CA-23849978D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5CDADAB-72A5-4526-8432-E6C9AC56B29F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "E64576DE-90F0-4F5E-9C82-AB745CFEDBB7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF5AFE69-7990-4F80-9E63-D8AD58AA3A2D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "6415E28A-4EAC-4F7F-BD81-1A55CE8B6F40", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CAA3A789-79F7-4DC8-9722-3958A3162EB4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*", "matchCriteriaId": "18C138F0-706F-44A8-880E-133F66DE164A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA79D39A-A5F2-4C44-A805-5113065F8C25", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CA55FBD-6EBA-49C8-92BA-2B1BCCB18A3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "70ECC434-DF20-49A6-B4CF-D5CCA480E57D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*", "matchCriteriaId": "232DC609-8023-41F9-8CE3-1B31CE2F2D93", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3E70A56-DBA8-45C7-8C49-1A036501156F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)." }, { "lang": "es", "value": "Adem\u00e1s de una inyecci\u00f3n de comandos de shell c_rehash identificada en CVE-2022-1292, se encontraron otras circunstancias en las que el script c_rehash no sanea adecuadamente los metacaracteres de shell para evitar la inyecci\u00f3n de comandos mediante la revisi\u00f3n del c\u00f3digo. Cuando fue corregida la CVE-2022-1292 no ha sido detectado que se presentan otros lugares en el script en los que los nombres de archivo de los certificados a los que es aplicado el hash son pasados posiblemente a un comando ejecutado mediante el shell. Este script es distribuido por algunos sistemas operativos de manera que es ejecutado autom\u00e1ticamente. En dichos sistemas operativos, un atacante podr\u00eda ejecutar comandos arbitrarios con los privilegios del script. El uso del script c_rehash es considerado obsoleto y debe ser sustituido por la herramienta de l\u00ednea de comandos OpenSSL rehash. Corregido en OpenSSL versi\u00f3n 3.0.4 (Afectados 3.0.0,3.0.1,3.0.2,3.0.3). Corregido en OpenSSL versi\u00f3n 1.1.1p (Afectado 1.1.1-1.1.1o). Corregido en OpenSSL versi\u00f3n 1.0.2zf (Afectado 1.0.2-1.0.2ze)" } ], "id": "CVE-2022-2068", "lastModified": "2024-11-21T07:00:16.017", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-21T15:15:09.060", "references": [ { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/" }, { "source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0008/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5169" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20220621.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5169" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20220621.txt" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_worksation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "403EECF4-3047-4BBE-90A5-DD2F2E4802D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_worksation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A09953EF-7E14-4200-9C77-002841927CB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0.:*:*:*:*:*:*:*", "matchCriteriaId": "6CAA19EC-9A21-4084-A914-CF12171F940A", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: RMI). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10285", "lastModified": "2024-11-21T03:05:50.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:02.217", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101319" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
cve@mitre.org | https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | element_software | - | |
netapp | hci_storage_node | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223", "versionEndExcluding": "5.13.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd." }, { "lang": "es", "value": "El archivo fs/nfsd/trace.h en el kernel de Linux versiones anteriores a 5.13.4, podr\u00eda permitir a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de los l\u00edmites en strlen) mediante el env\u00edo de tr\u00e1fico NFS cuando el marco de eventos de rastreo se est\u00e1 usando para nfsd" } ], "id": "CVE-2021-38202", "lastModified": "2024-11-21T06:16:38.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-08T20:15:07.180", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-14 22:29
Modified
2024-11-21 03:53
Severity ?
Summary
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
systemd_project | systemd | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
redhat | enterprise_linux | 7.0 | |
netapp | active_iq_performance_analytics_services | - | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FFE2618-BA1B-4FAB-8449-83CAAFCDCFAA", "versionEndExcluding": "237", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "83077160-BB98-408B-81F0-8EF9E566BF28", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable." }, { "lang": "es", "value": "Se ha descubierto que systemd no comprueba correctamente el contenido de archivos PIDFile antes de emplearlo para terminar procesos. Cuando un servicio se ejecuta desde un usuario sin privilegios (p.ej. un campo de usuario establecido en el archivo de servicio) un atacante local capaz de escribir en el archivo PIDFile del servicio mencionado podr\u00eda aprovechar este fallo para enga\u00f1ar a systemd para que termine otros servicios y/o procesos privilegiados. Las versiones anteriores a la v237 son vulnerables." } ], "id": "CVE-2018-16888", "lastModified": "2024-11-21T03:53:32.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-14T22:29:00.233", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4269-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74%40%3Cuser.cassandra.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190307-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4269-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-250" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "D8236A99-A6FC-4C71-A506-55B48FCD3A44", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EAA5561-CA42-457A-B63E-96A79258758B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.8 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." } ], "id": "CVE-2017-10198", "lastModified": "2024-11-21T03:05:36.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:05.837", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99818" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
haxx | curl | * | |
fedoraproject | fedora | 35 | |
debian | debian_linux | 11.0 | |
netapp | clustered_data_ontap | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | hci_compute_node | - | |
netapp | bootstrap_os | - | |
netapp | h300s | - | |
netapp | h300s_firmware | - | |
netapp | h500s | - | |
netapp | h500s_firmware | - | |
netapp | h700s | - | |
netapp | h700s_firmware | - | |
netapp | h410s | - | |
netapp | h410s_firmware | - | |
apple | macos | * | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | * | |
splunk | universal_forwarder | 9.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6ECDBA5-3DD5-4F58-9E05-14A4C7A4E44B", "versionEndExcluding": "7.84.0", "versionStartIncluding": "7.69.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC", "versionEndExcluding": "13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended." }, { "lang": "es", "value": "Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operaci\u00f3n sea at\u00f3mica al finalizar la operaci\u00f3n con un renombramiento de un nombre temporal al nombre final del archivo de destino. En esa operaci\u00f3n de renombramiento, podr\u00eda accidentalmente *ampliar* los permisos del archivo de destino, dejando el archivo actualizado accesible a m\u00e1s usuarios de los previstos" } ], "id": "CVE-2022-32207", "lastModified": "2024-11-21T07:05:55.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-07T13:15:08.403", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1573634" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1573634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-840" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-18 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4679B03-664B-40B0-91D8-597E13ED6B42", "versionEndIncluding": "5.6.13", "versionStartIncluding": "3.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal \u0027\\0\u0027 value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4." }, { "lang": "es", "value": "En la funci\u00f3n gadget_dev_desc_UDC_store en el archivo drivers/usb/gadget/configfs.c en el kernel de Linux versi\u00f3n 3.16 hasta la versi\u00f3n 5.6.13, se basa en kstrdup sin considerar la posibilidad de un valor \"\\0\" interno, lo que permite a atacantes desencadenar una lectura fuera de l\u00edmites, tambi\u00e9n se conoce como CID-15753588bcd4" } ], "id": "CVE-2020-13143", "lastModified": "2024-11-21T05:00:44.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-18T18:15:11.347", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4414-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.spinics.net/lists/linux-usb/msg194331.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4414-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.spinics.net/lists/linux-usb/msg194331.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DA4F304-3992-42BA-ABB5-5E3A7A066A42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, Java SE Embedded y JRockit, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 8.3 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10116", "lastModified": "2024-11-21T03:05:25.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.820", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99734" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "id": "CVE-2017-10115", "lastModified": "2024-11-21T03:05:24.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.773", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99774" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-29 13:15
Modified
2024-11-21 04:58
Severity ?
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FB4B86-B8D8-473E-8D1D-3C058D143AF6", "versionEndExcluding": "4.19.119", "versionStartIncluding": "4.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ABDE4F3-29C6-459E-B0B7-751B93447AF0", "versionEndExcluding": "5.4.36", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D62C084A-6676-40AF-868A-D90CDFAB7DDD", "versionEndExcluding": "5.6.8", "versionStartIncluding": "5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur." }, { "lang": "es", "value": "En el kernel de Linux versi\u00f3n 4.9 hasta la versi\u00f3n 5.6.7, en la plataforma s390, una ejecuci\u00f3n de c\u00f3digo puede presentarse debido a una condici\u00f3n de carrera, como es demostrado por el c\u00f3digo en la funci\u00f3n enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualizaci\u00f3n concurrente de la tabla de p\u00e1gina, tambi\u00e9n se conoce como CID-3f777e19d171. Tamb\u00eden podr\u00eda ocurrir un bloqueo" } ], "id": "CVE-2020-11884", "lastModified": "2024-11-21T04:58:49.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-29T13:15:11.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4342-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4343-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4345-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4342-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4343-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4345-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4667" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vsphere:*:*", "matchCriteriaId": "C54F036F-C6F9-47B5-AFFA-DD3C1D08DD9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.2.2:*:*:*:*:vsphere:*:*", "matchCriteriaId": "88B2E009-A457-4C3D-A8CF-84B7F3E8DA90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones de Java Web Start en sandbox o applets de Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ], "id": "CVE-2017-10067", "lastModified": "2024-11-21T03:05:17.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.100", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99756" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar con acceso a la infraestructura en la que se ejecutan Java SE, Java SE Embedded, JRockit comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.2 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "id": "CVE-2017-10356", "lastModified": "2024-11-21T03:06:00.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.420", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101413" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-26 16:29
Modified
2024-11-21 03:32
Severity ?
Summary
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "486E784F-1FC5-42AA-B144-EDBE5FE9B993", "versionEndIncluding": "9.2.26", "vulnerable": true }, { "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "C513260A-7AD7-44C2-97F0-167B5819475E", "versionEndExcluding": "9.3.24", "versionStartIncluding": "9.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A720480-0A8A-48FE-85FE-6973DAB7A7D5", "versionEndExcluding": "9.4.11", "versionStartIncluding": "9.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CF77086-43C1-44DB-A574-61A9A3DD1220", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5F95A41-A496-481C-A906-E0307AC1EA63", "versionEndIncluding": "11.50.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "E902EEC6-9A41-4FBC-8D81-891DF846A5CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*", "matchCriteriaId": "855D6A52-F96F-4CA0-A59C-4D42173F22E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:3.x:*:*:*:*:*:*:*", "matchCriteriaId": "8BE20EF7-C8A3-4C2A-BE0C-C26452830C31", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "97547862-C382-4F46-B393-481D40E924E8", "versionEndExcluding": "5.2.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E234481-81F5-42D7-A4EC-F71245268D5C", "versionEndExcluding": "4.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*", "matchCriteriaId": "33862093-55AD-46CE-97F5-0A00A62766FD", "versionEndExcluding": "4.1p3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "matchCriteriaId": "41436638-0B88-4823-8208-81C01F2CA6A6", "versionEndExcluding": "3.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "matchCriteriaId": "910F5303-1F70-44E3-A951-567447BC46FF", "versionEndExcluding": "3.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:xp_p9000_command_view:*:*:*:*:advanced:*:*:*", "matchCriteriaId": "92C306B7-185C-4CC4-8DEF-4C57B61C49AF", "versionEndExcluding": "8.6.2-00", "versionStartIncluding": "8.4.0-00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:xp_p9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC9BC28-72E9-4D53-B388-6A8AB7CFD22E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request." }, { "lang": "es", "value": "En Eclipse Jetty, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones) y versiones 9.4.x (configuraci\u00f3n personalizada con el cumplimiento RFC2616 habilitado), los fragmentos transfer-encoding se gestionan de forma incorrecta. El an\u00e1lisis de longitud de fragmento era vulnerable a un desbordamiento de enteros. As\u00ed, podr\u00eda interpretarse un tama\u00f1o de fragmento grande como un tama\u00f1o menor y el contenido enviado como cuerpo del fragmento podr\u00eda interpretarse como una petici\u00f3n pipelined. Si Jetty se despliega tras un intermediario que impon\u00eda autorizaci\u00f3n y el intermediario permit\u00eda que se pasasen o no se cambiasen grandes fragmentos arbitrarios, este error podr\u00eda emplearse para omitir la autorizaci\u00f3n impuesta por el intermediario, ya que la petici\u00f3n pipelined falsa no ser\u00eda interpretada por el intermediario como una petici\u00f3n." } ], "id": "CVE-2017-7657", "lastModified": "2024-11-21T03:32:23.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-26T16:29:00.257", "references": [ { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041194" }, { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E" }, { "source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E" }, { "source": "emo@eclipse.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "source": "emo@eclipse.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "source": "emo@eclipse.org", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "emo@eclipse.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "emo@eclipse.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8%40%3Ccommits.druid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae%40%3Ccommits.druid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574%40%3Ccommits.druid.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-444" } ], "source": "emo@eclipse.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-444" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-08 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
freebsd | freebsd | 10.3 | |
freebsd | freebsd | 10.4 | |
freebsd | freebsd | 11.1 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
netapp | element_software | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", "matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "E102E760-362C-4DC7-BDED-E2CF9F94ECE7", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD5B9266-A927-4F62-8742-721CE9A4C4C4", "vulnerable": true }, { "criteria": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5753931-556B-4EEC-B510-751BA3613CE6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n decodearr en ntpq en ntp, desde la versi\u00f3n 4.2.8p6 hasta la 4.2.8p10, permite que atacantes remotos ejecuten c\u00f3digo arbitrario aprovechando una consulta ntpq y enviando una respuesta con un array manipulado." } ], "id": "CVE-2018-7183", "lastModified": "2024-11-21T04:11:44.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-08T20:29:00.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3414" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103351" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "source": "cve@mitre.org", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3707-2/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug3414" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201805-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3707-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3707-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_18_13" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: AWT). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10110", "lastModified": "2024-11-21T03:05:23.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.617", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99643" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99643" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-05 06:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
opensuse | leap | 15.1 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | hci_compute_node_firmware | - | |
netapp | hci_compute_node | - | |
netapp | a700s_firmware | - | |
netapp | a700s | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h610c_firmware | - | |
netapp | h610c | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - | |
netapp | h615c_firmware | - | |
netapp | h615c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "25611CC0-E1DB-4D7B-82DF-D16CB8355844", "versionEndExcluding": "5.5.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux versiones anteriores a 5.5.4. La funci\u00f3n mwifiex_cmd_append_vsie_tlv() en el archivo drivers/net/wireless/marvell/mwifiex/scan.c permite a usuarios locales alcanzar privilegios o causar una denegaci\u00f3n de servicio debido a una memcpy incorrecta y al desbordamiento del b\u00fafer, tambi\u00e9n se conoce como CID-b70261a288ea." } ], "id": "CVE-2020-12653", "lastModified": "2024-11-21T04:59:59.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-05T06:15:11.043", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4698" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | graalvm | 20.3.5 | |
oracle | graalvm | 21.3.1 | |
oracle | graalvm | 22.0.0.2 | |
oracle | java_se | 7u331 | |
oracle | java_se | 8u321 | |
oracle | java_se | 11.0.14 | |
oracle | java_se | 17.0.2 | |
oracle | java_se | 18 | |
netapp | active_iq_unified_manager | - | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_insights_acquisition_unit | - | |
netapp | cloud_secure_agent | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_storage_manager | - | |
netapp | e-series_santricity_web_services | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | oncommand_insight | - | |
netapp | santricity_unified_manager | - | |
netapp | solidfire | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
azul | zulu | 6.45 | |
azul | zulu | 7.52 | |
azul | zulu | 8.60 | |
azul | zulu | 11.54 | |
azul | zulu | 13.46 | |
azul | zulu | 15.38 | |
azul | zulu | 17.32 | |
azul | zulu | 18.28 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*", "matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*", "matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*", "matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*", "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*", "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negaci\u00f3n parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n base 3.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)" } ], "id": "CVE-2022-21443", "lastModified": "2024-11-21T06:44:42.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "secalert_us@oracle.com", "type": "Secondary" } ] }, "published": "2022-04-19T21:15:15.800", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Security). Las versiones compatibles que se han visto afectadas son Java SE: 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start en sandbox o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "id": "CVE-2017-10176", "lastModified": "2024-11-21T03:05:33.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:05.163", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99788" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Severity ?
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
netapp | cloud_backup | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F533643-6482-466F-87F2-9446C8214FF5", "versionEndExcluding": "4.9.228", "versionStartIncluding": "4.5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82A795AE-6C0D-4C70-93E8-CB1183C8F147", "versionEndExcluding": "4.14.185", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96593438-C71A-47FD-B19B-F54C6E65BDA5", "versionEndExcluding": "4.19.129", "versionStartIncluding": "4.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "55E407BF-74C3-42AB-8591-2385D5732960", "versionEndExcluding": "5.4.48", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "45E1B7E8-BF1C-4AFA-9862-DAE3916A8846", "versionEndExcluding": "5.7.5", "versionStartIncluding": "5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1." }, { "lang": "es", "value": "Se detect\u00f3 un problema en la funci\u00f3n __split_huge_pmd en el archivo mm/huge_memory.c en el kernel de Linux versiones anteriores a 5.7.5. La implementaci\u00f3n copy-on-write puede otorgar acceso de escritura no previsto debido a una condici\u00f3n de carrera en una comprobaci\u00f3n de conteo de mapas THP, tambi\u00e9n se conoce como CID-c444eb564fb1" } ], "id": "CVE-2020-29368", "lastModified": "2024-11-21T05:23:55.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-28T07:15:11.460", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210108-0002/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openbsd | openssh | * | |
winscp | winscp | * | |
netapp | element_software | - | |
netapp | ontap_select_deploy | - | |
netapp | storage_automation_store | - | |
siemens | scalance_x204rna_firmware | * | |
siemens | scalance_x204rna | - | |
siemens | scalance_x204rna_eec_firmware | * | |
siemens | scalance_x204rna_eec | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D09A55-B853-43B5-8397-E2AC6CD0EBBC", "versionEndIncluding": "7.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D0A98E2-B715-4EF5-9CF8-07500E119271", "versionEndIncluding": "5.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D3A0312-1249-4257-98F1-57E8959989C5", "versionEndExcluding": "3.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C9671-47BB-43CB-8906-9BC2B86B3229", "versionEndExcluding": "3.2.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*", "matchCriteriaId": "C834C295-D600-44E8-9783-49A319084F5A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred." }, { "lang": "es", "value": "En OpenSSH 7.9, debido a la aceptaci\u00f3n y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear c\u00f3digos de control de ANSI para ocultar los archivos adicionales que se est\u00e1n transfiriendo." } ], "id": "CVE-2019-6110", "lastModified": "2024-11-21T04:45:57.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-31T18:29:00.807", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46193/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190213-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46193/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-838" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10357", "lastModified": "2024-11-21T03:06:00.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.467", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101355" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:phoenixcontact:fl_mguard_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8556AADE-54E7-4D1B-A5AB-D37EF3B4962E", "versionEndIncluding": "1.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JCE). Las versiones compatibles que se han visto afectadas son Java SE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos de suma importancia o un acceso completo a todos los datos accesibles de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.9 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "id": "CVE-2017-10135", "lastModified": "2024-11-21T03:05:27.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:04.413", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99839" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert.vde.com/en-us/advisories/vde-2017-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "BB6FD3C7-7214-4E28-9A88-FBA91F2A4277", "versionStartIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A85C4E34-7F3B-4137-9D4C-9C80490B3409", "versionStartIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: JavaFX). Las versiones compatibles que se han visto afectadas son JavaSE: 7u141 y 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10086", "lastModified": "2024-11-21T03:05:20.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:02.677", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99662" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-4005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-08 15:15
Modified
2024-11-21 04:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
opensuse | leap | 15.1 | |
netapp | active_iq_unified_manager | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | hci_compute_node | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h610c_firmware | - | |
netapp | h610c | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - | |
netapp | h615c_firmware | - | |
netapp | h615c | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5835B8E0-83CB-4B09-A21A-3CB59AF41F62", "versionEndExcluding": "5.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode." }, { "lang": "es", "value": "Se presenta un uso de la memoria previamente liberada en kernel versiones anteriores a 5.5, debido a una condici\u00f3n de carrera entre la liberaci\u00f3n de ptp_clock y cdev durante la desasignaci\u00f3n de recursos. Cuando un proceso (muy privilegiado) asigna un archivo de dispositivo ptp (como /dev/ptpX) y voluntariamente se va a dormir. Durante este tiempo, si el dispositivo subyacente es removido, puede causar una condici\u00f3n explotable a medida que el proceso se activa para terminar y limpiar todos los archivos adjuntos. El sistema se bloquea debido a que la estructura cdev no est\u00e1 siendo v\u00e1lida (ya que se ha liberado), lo cual se\u00f1ala el inode." } ], "id": "CVE-2020-10690", "lastModified": "2024-11-21T04:55:51.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-08T15:15:11.880", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4419-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAXP). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 presente en Java SE y Java SE Embedded, los ataques podr\u00edan afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 9.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)." } ], "id": "CVE-2017-10096", "lastModified": "2024-11-21T03:05:21.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.100", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99670" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-10-29 13:29
Modified
2024-11-21 03:38
Severity ?
Summary
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "5953EAB1-D0E8-48EA-B07D-3B828E6BB326", "versionEndIncluding": "1.1.0i", "versionStartIncluding": "1.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F69F3542-173D-4E0D-99BB-42FDD206D996", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "5725F854-27B7-4BC1-8DCA-FAC0B4E41139", "versionEndExcluding": "10.12.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "4E62EA78-C705-4AC9-9C0B-3C9114087C37", "versionEndExcluding": "11.3.0", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*", "matchCriteriaId": "541EAE2B-5446-46CE-BC91-13188EAD6092", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBF1DFDA-FB66-4CEA-A658-B167326D1D96", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C", "versionStartIncluding": "9.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DF5449D-22D2-48B4-8F50-57B43DCB15B9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "BD941CDF-8486-43F7-9D98-2B8785B1B139", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDE18990-1FC9-4624-971B-2E87BF0871AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "17C29F2D-CBE6-4E22-98AE-787E939ED161", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "65B4E766-8D75-48A9-8267-6EE1407B949D", "versionEndIncluding": "5.6.42", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "F17AD8D0-6D79-4E7D-9CD6-9B130A529C5D", "versionEndIncluding": "5.7.24", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "C743C44C-2E97-4E5E-8C76-FC0E666BA115", "versionEndIncluding": "8.0.13", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8", "versionEndExcluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3F69D90-6F4D-4D09-8F60-E36072303E32", "versionEndExcluding": "5.2.24", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)." }, { "lang": "es", "value": "Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral. Un atacante podr\u00eda emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1)." } ], "id": "CVE-2018-0735", "lastModified": "2024-11-21T03:38:50.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-10-29T13:29:00.263", "references": [ { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105750" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041986" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1" }, { "source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { "source": "openssl-security@openssl.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20181029.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-327" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
debian | debian_linux | 9.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_backup | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | a700s_firmware | - | |
netapp | a700s | - | |
netapp | h300s_firmware | - | |
netapp | h300s | - | |
netapp | h500s_firmware | - | |
netapp | h500s | - | |
netapp | h700s_firmware | - | |
netapp | h700s | - | |
netapp | h300e_firmware | - | |
netapp | h300e | - | |
netapp | h500e_firmware | - | |
netapp | h500e | - | |
netapp | h700e_firmware | - | |
netapp | h700e | - | |
netapp | h410s_firmware | - | |
netapp | h410s | - | |
netapp | h410c_firmware | - | |
netapp | h410c | - | |
netapp | h610c_firmware | - | |
netapp | h610c | - | |
netapp | h610s_firmware | - | |
netapp | h610s | - | |
netapp | h615c_firmware | - | |
netapp | h615c | - | |
oracle | sd-wan_edge | 8.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4", "versionEndIncluding": "5.6.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.6.11. La funci\u00f3n btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operaci\u00f3n de coalescencia." } ], "id": "CVE-2020-12771", "lastModified": "2024-11-21T05:00:15.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-09T21:15:11.210", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lkml.org/lkml/2020/4/26/87" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4462-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4463-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4465-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4483-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4485-1/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lkml.org/lkml/2020/4/26/87" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4462-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4463-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4465-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4483-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4485-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-667" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10109", "lastModified": "2024-11-21T03:05:23.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:03.587", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99847" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-07 04:15
Modified
2024-11-21 06:16
Severity ?
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
linux | linux_kernel | * | |
netapp | hci_bootstrap_os | - | |
netapp | hci_compute_node | - | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | hci_storage_node | - | |
netapp | element_software | - | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
redhat | enterprise_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DAFBDE6-EDBA-4AB8-9AF9-6359EB1CE1A0", "versionEndExcluding": "4.4.276", "versionStartIncluding": "2.6.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C79FFC06-9530-4CD7-B651-01D786CC925E", "versionEndExcluding": "4.9.276", "versionStartIncluding": "4.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB359B2E-773D-4D52-9915-E07A47ABE72B", "versionEndExcluding": "4.14.240", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2", "versionEndExcluding": "4.19.198", "versionStartIncluding": "4.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "508D9771-335F-44A6-9F2F-880DF1267A1F", "versionEndExcluding": "5.4.134", "versionStartIncluding": "4.20", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62", "versionEndExcluding": "5.10.52", "versionStartIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E", "versionEndExcluding": "5.12.19", "versionStartIncluding": "5.11", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F93FA3CC-0C79-410B-A7D7-245C2AA0723A", "versionEndExcluding": "5.13.4", "versionStartIncluding": "5.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf-\u003elen value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior" }, { "lang": "es", "value": "** EN DISPUTA ** En el archivo drivers/char/virtio_console.c en el kernel de Linux versiones anteriores a 5.13.4, la corrupci\u00f3n o p\u00e9rdida de datos puede ser desencadenada por un dispositivo no fiable que suministre un valor buf-)len excediendo el tama\u00f1o del buffer. NOTA: El proveedor indica que la citada corrupci\u00f3n de datos no es una vulnerabilidad en ning\u00fan caso de uso existente; la validaci\u00f3n de la longitud se a\u00f1adi\u00f3 \u00fanicamente para la robustez frente a un comportamiento an\u00f3malo del sistema operativo anfitri\u00f3n." } ], "id": "CVE-2021-38160", "lastModified": "2024-11-21T06:16:31.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-07T04:15:06.967", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2021-38160" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2021-38160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210902-0010/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4978" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4", "versionEndIncluding": "5.6.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.6.11. La funci\u00f3n sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, tambi\u00e9n se conoce como CID-83c6f2390040." } ], "id": "CVE-2020-12770", "lastModified": "2024-11-21T05:00:15.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-09T21:15:11.163", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lkml.org/lkml/2020/4/13/870" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4414-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lkml.org/lkml/2020/4/13/870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4411-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4412-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4413-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4414-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4419-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4699" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:7.0:update_331:*:*:*:*:*:*", "matchCriteriaId": "AC99AA10-93C5-4B27-A991-FD29496FDF1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:8.0:update_321:*:*:*:*:*:*", "matchCriteriaId": "C66D72B5-055F-45BD-AD02-C5E086AB5B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "681BFE5C-6F33-4084-8F0D-2DD573782004", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A29CF53D-7DDC-4B60-8232-6C173083101F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*", "matchCriteriaId": "FBA091EC-B5A9-468D-B99C-BB6F333E7B64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C0D3169-24B4-4733-BD40-59D0BB5DAC13", "versionEndIncluding": "11.0.14", "versionStartIncluding": "11", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1D003C0-042E-4126-AEDA-F85863FEAB45", "versionEndIncluding": "13.0.10", "versionStartIncluding": "13", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC2C87EC-6234-482F-B597-962E3C52D01B", "versionEndIncluding": "15.0.6", "versionStartIncluding": "15", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "38F4BE82-B2A6-4E48-B1E0-100ACF94B9CD", "versionEndIncluding": "17.0.2", "versionStartIncluding": "17", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", "matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", "matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", "matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", "matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", "matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", "matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", "matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", "matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", "matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", "matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", "matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", "matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", "matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", "matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", "matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", "matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", "matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", "matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", "matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", "matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", "matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", "matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", "matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", "matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", "matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", "matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", "matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", "matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", "matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", "matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", "matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*", "matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*", "matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*", "matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update331:*:*:*:*:*:*", "matchCriteriaId": "A8971E08-2CA2-46F4-8C26-12D2AFAC3B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", "matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", "matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", "matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", "matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", "matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", "matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", "matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", "matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", "matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", "matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", "matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", "matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", "matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", "matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", "matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", "matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", "matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", "matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", "matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", "matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", "matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", "matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." }, { "lang": "es", "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 7.5 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)" } ], "id": "CVE-2022-21476", "lastModified": "2024-11-21T06:44:47.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert_us@oracle.com", "type": "Secondary" } ] }, "published": "2022-04-19T21:15:17.503", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "66CB92D2-A529-4912-9D59-40EAC3F5D674", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: Serialization). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "id": "CVE-2017-10281", "lastModified": "2024-11-21T03:05:49.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:02.107", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101378" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:06
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por Kerberos comprometa la seguridad de Java SE y Java SE Embedded. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Java SE y Java SE Embedded. Nota: Esto afecta al cliente de Kerberos de Java SE. CVSS 3.0 Base Score 7.5 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." } ], "id": "CVE-2017-10388", "lastModified": "2024-11-21T03:06:04.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:05.403", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101321" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E27893-D80C-4F7C-A87B-CEEA709A8E9F", "versionEndExcluding": "7.84.0", "versionStartIncluding": "7.71.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC", "versionEndExcluding": "13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C", "versionEndExcluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method." }, { "lang": "es", "value": "Un servidor malicioso puede servir cantidades excesivas de encabezados \"Set-Cookie:\" en una respuesta HTTP a curl y curl versiones anteriores a 7.84.0 las almacena todas. Una cantidad suficientemente grande de cookies (grandes) hace que las subsiguientes peticiones HTTP a este, o a otros servidores con los que coincidan las cookies, creen peticiones que superen el umbral que curl usa internamente para evitar el env\u00edo de peticiones locamente grandes (1048576 bytes) y en su lugar devuelva un error. Este estado de denegaci\u00f3n puede permanecer mientras sea mantenidas las mismas cookies, coincidan y no hayan expirado. Debido a las reglas de coincidencia de cookies, un servidor en \"foo.example.com\" puede establecer cookies que tambi\u00e9n coincidan para \"bar.example.com\", haciendo posible que un \"servidor hermano\" cause efectivamente una denegaci\u00f3n de servicio para un sitio hermano en el mismo dominio de segundo nivel usando este m\u00e9todo" } ], "id": "CVE-2022-32205", "lastModified": "2024-11-21T07:05:54.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-07T13:15:08.277", "references": [ { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "support@hackerone.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "source": "support@hackerone.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1569946" }, { "source": "support@hackerone.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "support@hackerone.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://hackerone.com/reports/1569946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" } ], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "support@hackerone.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | graalvm | 20.3.5 | |
oracle | graalvm | 21.3.1 | |
oracle | graalvm | 22.0.0.2 | |
oracle | java_se | 7u331 | |
oracle | java_se | 8u321 | |
oracle | java_se | 11.0.14 | |
oracle | java_se | 17.0.2 | |
oracle | java_se | 18 | |
netapp | active_iq_unified_manager | - | |
netapp | active_iq_unified_manager | - | |
netapp | cloud_insights_acquisition_unit | - | |
netapp | cloud_secure_agent | - | |
netapp | e-series_santricity_os_controller | * | |
netapp | e-series_santricity_storage_manager | - | |
netapp | e-series_santricity_web_services | - | |
netapp | element_software | - | |
netapp | hci_management_node | - | |
netapp | oncommand_insight | - | |
netapp | santricity_unified_manager | - | |
netapp | solidfire | - | |
netapp | bootstrap_os | - | |
netapp | hci_compute_node | - | |
debian | debian_linux | 9.0 | |
azul | zulu | 6.45 | |
azul | zulu | 7.52 | |
azul | zulu | 8.60 | |
azul | zulu | 11.54 | |
azul | zulu | 13.46 | |
azul | zulu | 15.38 | |
azul | zulu | 17.32 | |
azul | zulu | 18.28 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", "matchCriteriaId": "079F2588-2746-408B-9BB0-9A569289985B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "51600424-E294-41E0-9C8B-12D0C3456027", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C3D12B98-032F-49A6-B237-E0CAD32D9A25", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*", "matchCriteriaId": "C15F860C-6B33-4950-B443-E2A7D4639573", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*", "matchCriteriaId": "696E27A2-34A2-49A8-BEF4-61718D11DD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "00AC1B6D-9156-40A3-B606-845CCC33D724", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*", "matchCriteriaId": "022EC03C-1574-4421-9AB7-0EEF0D089322", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*", "matchCriteriaId": "850B5359-7804-406B-9DC9-D22D65ACEE40", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", "matchCriteriaId": "6AC61C25-871B-4F6F-A5F0-77359F373681", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", "matchCriteriaId": "12A59E25-5ED3-4A6D-95F6-45750866E0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", "matchCriteriaId": "FC0DC492-706E-42FE-8757-71873B53C417", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", "matchCriteriaId": "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", "matchCriteriaId": "28D25E37-5479-4876-B46C-28FF87384852", "vulnerable": true }, { "criteria": "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*", "matchCriteriaId": "7AD8BF00-C510-4E63-8949-CB64E9043610", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." }, { "lang": "es", "value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)" } ], "id": "CVE-2022-21496", "lastModified": "2024-11-21T06:44:50.123", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert_us@oracle.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-19T21:15:18.497", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220429-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5131" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "7037AEF9-403D-43EC-ABBB-B46619241586", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*", "matchCriteriaId": "D53D6C3C-C8F3-4FF4-AE9C-1BFF14E74EDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Smart Card IO). Las versiones compatibles que se han visto afectadas son Java SE: 6u161, 7u151, 8u144 y 9. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos cr\u00edticos o de todos los datos accesibles de Java SE, as\u00ed como el acceso sin autorizaci\u00f3n a datos confidenciales o todos los datos accesibles de Java SE. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox de aislado Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 6.8 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)." } ], "id": "CVE-2017-10274", "lastModified": "2024-11-21T03:05:48.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:01.873", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101333" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-15 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF8D3C1A-7029-4267-B1EA-3D12CAC1EA55", "versionEndIncluding": "5.6.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B7DA42F-5D64-4967-A2D4-6210FE507841", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89612649-BACF-4FAC-9BA4-324724FD93A6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5921A877-18BF-43FE-915C-D226E140ACFC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7296A1F2-D315-4FD5-8A73-65C480C855BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space." }, { "lang": "es", "value": "El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado." } ], "id": "CVE-2020-12888", "lastModified": "2024-11-21T05:00:29.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-15T18:15:13.650", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/" }, { "source": "cve@mitre.org", "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/" }, { "source": "cve@mitre.org", "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4525-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4526-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200608-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4525-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4526-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 17:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "B781F1F7-DE18-41F7-83C1-8690B0884DDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "6D36F2A6-1329-4D74-BADC-C22D46CF7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "270968EC-7662-41E1-BA9B-D259BEC53A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*", "matchCriteriaId": "71219100-B476-4062-A40A-13F1B8C7DAED", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*", "matchCriteriaId": "FCC055BA-0D21-4D2B-AC9B-B81B8468860C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "66910F84-DDFD-4BA8-BE7F-44EB5E3F9C3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "6BF60DAD-DAA2-4543-B82E-8E17F7B1DA06", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE y Java SE Embedded de Oracle Java SE (subcomponente: JAX-WS). Las versiones compatibles que se han visto afectadas son Java SE: 7u151, 8u144 y 9; Java SE Embedded: 8u144. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por m\u00faltiples protocolos comprometa la seguridad de Java SE y Java SE Embedded. Los ataques exitosos a esta vulnerabilidad pueden dar lugar a la capacidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DoS parcial) en Java SE y Java SE Embedded. Nota: Esta vulnerabilidad se aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o applets Java en sandbox que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo proveniente de internet) y que conf\u00edan en la sandbox Java para protegerse. Esta vulnerabilidad no se aplica a implementaciones Java, normalmente en servidores, que solo cargan y ejecutan c\u00f3digo de confianza (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.0 Base Score 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)" } ], "id": "CVE-2017-10350", "lastModified": "2024-11-21T03:05:59.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T17:29:04.170", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101341" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/101341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1039596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3046" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201710-31" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201711-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171019-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-4048" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-08 15:29
Modified
2024-11-21 03:05
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "A3322D72-6B56-467E-90E5-5DCE0FA1F431", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "C4D0E043-D34F-446D-879B-692E3CF500C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "106E9F69-857A-42F8-A727-2650C896D3B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update151:*:*:*:*:*:*", "matchCriteriaId": "673DD72C-4FC8-406A-A24A-B06DD709649C", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update141:*:*:*:*:*:*", "matchCriteriaId": "363C8E7E-2EEA-4308-A141-854B9EC17AAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update131:*:*:*:*:*:*", "matchCriteriaId": "595FC4B7-418E-457C-ADCC-0A49A676D629", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "5B1FE26D-1936-475A-B644-BBB4281FB5C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E32A4C2E-3DA6-4BE5-9D95-9F800B01ED9A", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A79A7B7-2CE9-4F5E-B76D-01A882C66226", "versionEndIncluding": "7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1E35D95E-CCBF-4335-A4DB-02218BA172DE", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B92F025C-D612-4A64-B138-E6B4B113B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "923F6B82-6A8B-4994-89F6-C430775D5234", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", "versionStartIncluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:virtual_storage_console:6.0:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "2AA40F7F-504D-47A9-9778-EC4CE46EB8BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)." }, { "lang": "es", "value": "Vulnerabilidad en los componentes Java SE, Java SE Embedded y JRockit de Oracle Java SE (subcomponente: JAX-WS). Las versiones compatibles que se han visto afectadas son JavaSE: 6u151, 7u141 y 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Java SE, Java SE Embedded y JRockit. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n de un subconjunto de datos accesibles de Java SE, Java SE Embedded y JRockit. Adem\u00e1s, pueden dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Java SE, Java SE Embedded y JRockit. Nota: Esta vulnerabilidad puede ser explotada mediante aplicaciones Java Web Start en sandbox y applets Java en sandbox. Tambi\u00e9n puede ser explotada proporcionando datos a las API en los componentes especificados sin emplear aplicaciones Java Web Start o applets Java en sandbox, como a trav\u00e9s de un servicio web. CVSS 3.0 Base Score 6.5 (impactos en la confidencialidad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)." } ], "id": "CVE-2017-10243", "lastModified": "2024-11-21T03:05:43.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-08T15:29:07.177", "references": [ { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99827" }, { "source": "secalert_us@oracle.com", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3954" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/99827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securitytracker.com/id/1038931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201709-22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20170720-0001/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }