All the vulnerabilites related to redhat - enterprise_mrg
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request."
},
{
"lang": "es",
"value": "Cumin, antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (por consumo de memoria) a trav\u00e9s de una solicitud de imagen de gran tama\u00f1o."
}
],
"id": "CVE-2012-2685",
"lastModified": "2024-11-21T01:39:26.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:00.960",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-01 20:55
Modified
2024-11-21 01:50
Severity ?
Summary
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mongodb | mongodb | * | |
| mongodb | mongodb | 1.2.0 | |
| mongodb | mongodb | 1.4.0 | |
| mongodb | mongodb | 1.6.0 | |
| mongodb | mongodb | 1.8.0 | |
| mongodb | mongodb | 2.0.0 | |
| mongodb | mongodb | 2.0.1 | |
| mongodb | mongodb | 2.0.2 | |
| mongodb | mongodb | 2.0.3 | |
| mongodb | mongodb | 2.0.4 | |
| mongodb | mongodb | 2.0.5 | |
| mongodb | mongodb | 2.0.6 | |
| mongodb | mongodb | 2.0.7 | |
| mongodb | mongodb | 2.2.0 | |
| mongodb | mongodb | 2.2.1 | |
| mongodb | mongodb | 2.2.2 | |
| mongodb | mongodb | 2.2.3 | |
| redhat | enterprise_mrg | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9828C4F0-141D-45AE-B6A4-1F841BF8389C",
"versionEndIncluding": "2.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBA2303-8E19-415F-BD7C-B348DE0EC478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92948672-3F39-4675-BFB1-4ACACD078CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7590AB3-4433-4589-9575-647015A5DA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4562CE-83D2-422C-AB94-CB0EFABC2CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B3AD0E-11F2-477E-9D18-B6A609A4C652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BC4E1-4BF4-4486-829C-25AA0D01B8D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C36D5752-589C-4323-8515-073DDF89DB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F63D8331-B0E9-4571-A74C-C13D3D4A13C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8EA4FF-62DB-40DA-833E-E43F64C79EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "253B057C-981D-4A8C-B81E-96ACD8C5AF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3291EEA9-7A79-417D-98FD-1350B4A456D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE04CE4-8D9F-4C56-802A-2F67DF884CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0F23FE-3AAF-4E29-AF89-C6365E839119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37D967E7-87F2-450C-A593-0FEE0F2A9A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6CD236-537A-4144-ACDF-5242D11AE34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7C828E-47B2-46AB-90F1-FD9682188E45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument."
},
{
"lang": "es",
"value": "MongoDB anterior a v2.0.9 y v2.2.x anterior a v.2.4 no valida correctamente las peticiones de la funci\u00f3n nativeHelper en SpiderMonkey, lo que permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (acceso no v\u00e1lido a memoria y ca\u00edda del servidor) o ejecutar c\u00f3digo arbitrario a trav\u00e9s una direcci\u00f3n de memoria manipulada en el primer argumento."
}
],
"id": "CVE-2013-1892",
"lastModified": "2024-11-21T01:50:36.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-01T20:55:03.513",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/24935"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/24947"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mongodb.org/about/alerts/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/9"
},
{
"source": "secalert@redhat.com",
"url": "https://jira.mongodb.org/browse/SERVER-9124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/24935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/24947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mongodb.org/about/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://jira.mongodb.org/browse/SERVER-9124"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 15:15
Modified
2024-11-21 01:59
Severity ?
Summary
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nokogiri | nokogiri | * | |
| nokogiri | nokogiri | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | cloudforms_management_engine | 5.0 | |
| redhat | openstack | 3.0 | |
| redhat | openstack | 4.0 | |
| redhat | satellite | 6.0 | |
| redhat | subscription_asset_manager | - | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40BEDA-6032-4759-BAC4-F370195EBF92",
"versionEndExcluding": "1.5.11",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E232347-7EC2-4F3C-820B-170F6120AE16",
"versionEndExcluding": "1.6.1",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7098B44F-56BF-42E3-8831-48D0A8E99EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E2C740-099C-427F-846D-951A2A1BF07E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
},
{
"lang": "es",
"value": "La gema Nokogiri versiones 1.5.x, tiene una Denegaci\u00f3n de Servicio por medio de un bucle infinito cuando se analizan documentos XML."
}
],
"id": "CVE-2013-6460",
"lastModified": "2024-11-21T01:59:16.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T15:15:11.483",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6460"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-30 14:22
Modified
2024-11-21 01:59
Severity ?
Summary
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8082D9CA-E5CC-4B92-9F45-E257F246069F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack."
},
{
"lang": "es",
"value": "Cumin (tambi\u00e9n conocido como MRG Management Console), utilizado en Red Hat Enterprise MRG 2.5, utiliza la funci\u00f3n crypt basada en DES para crear hashes de contrase\u00f1as, lo que facilita a atacantes obtener informaci\u00f3n sensible a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-6445",
"lastModified": "2024-11-21T01:59:14.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-30T14:22:05.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0441.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1030158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0441.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030158"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades cross-site request forgery (CSRF) en la interfaz web de cumin en Red Hat Enterprise MRG Grid 2.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios cumin en peticiones no especificadas."
}
],
"id": "CVE-2013-4405",
"lastModified": "2024-11-21T01:55:30.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T22:55:02.787",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 15:15
Modified
2024-11-21 01:59
Severity ?
Summary
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nokogiri | nokogiri | * | |
| nokogiri | nokogiri | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | cloudforms_management_engine | 5.0 | |
| redhat | openstack | 3.0 | |
| redhat | openstack | 4.0 | |
| redhat | satellite | 6.0 | |
| redhat | subscription_asset_manager | - | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C40BEDA-6032-4759-BAC4-F370195EBF92",
"versionEndExcluding": "1.5.11",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E232347-7EC2-4F3C-820B-170F6120AE16",
"versionEndExcluding": "1.6.1",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7098B44F-56BF-42E3-8831-48D0A8E99EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E2C740-099C-427F-846D-951A2A1BF07E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
},
{
"lang": "es",
"value": "La gema Nokogiri versiones 1.5.x y 1.6.x, tienebn una DoS durante el an\u00e1lisis de entidades XML al fallar para aplicar l\u00edmites."
}
],
"id": "CVE-2013-6461",
"lastModified": "2024-11-21T01:59:16.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T15:15:11.577",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-20 05:55
Modified
2024-11-21 01:29
Severity ?
Summary
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker."
},
{
"lang": "es",
"value": "Cumin en Red Hat Enterprise Messaging, en Realtime, y en Grid (MRG) v2.0 registra credenciales de autenticaci\u00f3n de agente en un archivo de registro, lo que permite a usuarios locales eludir la autenticaci\u00f3n y realizar acciones no autorizadas en trabajos y las colas de mensajes a trav\u00e9s de una conexi\u00f3n directa con el agente."
}
],
"id": "CVE-2011-2925",
"lastModified": "2024-11-21T01:29:17.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-20T05:55:02.530",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/75217"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45887"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45928"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1249.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1250.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/49500"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1026021"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=731574"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/75217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1250.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=731574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69659"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | 5.10 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_mrg | 2.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | cloud_backup | - | |
| netapp | solidfire_baseboard_management_controller_firmware | - | |
| netapp | solidfire_baseboard_management_controller | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9DD7EB1D-064C-4DB9-AD34-D8EF78312C17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo de uso de la memoria previamente liberada en el archivo kernel/trace/ring_buffer.c en el kernel de Linux (anteriores a la versi\u00f3n 5.10-rc1). Se present\u00f3 un problema de carrera en trace_open y el cambio de tama\u00f1o del b\u00fafer de la CPU ejecut\u00e1ndose paralelamente en diferentes CPUs, puede causar un problema de Denegaci\u00f3n de Servicio (DOS). Este fallo podr\u00eda inclusive permitir a un atacante local con privilegios especiales de usuario amenazar con una filtraci\u00f3n de informaci\u00f3n del kernel"
}
],
"id": "CVE-2020-27825",
"lastModified": "2024-11-21T05:21:53.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T19:15:12.607",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-14 16:29
Modified
2024-11-21 02:36
Severity ?
Summary
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1288934 | Issue Tracking, Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1288934 | Issue Tracking, Third Party Advisory, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 | |
| redhat | kernel-rt | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:kernel-rt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04EC810-B8EF-4E88-951C-88F96197515C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets."
},
{
"lang": "es",
"value": "Una condici\u00f3n de carrera en el kernel en Red Hat Enterprise Linux 7, kernel-rt y Red Hat Enterprise MRG 2 permite que usuarios locales provoquen una denegaci\u00f3n de servicio (p\u00e1nico) mediante la creaci\u00f3n de sockets netlink cuando se carga el m\u00f3dulo nfnetlink_log."
}
],
"id": "CVE-2015-7553",
"lastModified": "2024-11-21T02:36:58.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-14T16:29:00.220",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2024-11-21 01:50
Severity ?
Summary
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.0 | |
| apache | qpid | * | |
| apache | qpid | 0.5 | |
| apache | qpid | 0.6 | |
| apache | qpid | 0.7 | |
| apache | qpid | 0.8 | |
| apache | qpid | 0.9 | |
| apache | qpid | 0.10 | |
| apache | qpid | 0.11 | |
| apache | qpid | 0.12 | |
| apache | qpid | 0.13 | |
| apache | qpid | 0.14 | |
| apache | qpid | 0.15 | |
| apache | qpid | 0.16 | |
| apache | qpid | 0.17 | |
| apache | qpid | 0.18 | |
| apache | qpid | 0.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFF35CD-0D3D-4B29-8E7A-9C39D7358A3A",
"versionEndIncluding": "0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D441FDC2-CA4E-43C5-A3DD-3715641E59A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "79CB1E30-BDD9-451E-A366-EE19C2E00AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8690F211-CE64-4799-87C5-F2AEDB0500EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "469FC441-523B-4C78-9B2D-46B8CCE8811E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BB64A222-C258-44BF-A83D-CFE1204F8009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C584B299-0BB9-4B4F-B0BC-11DE222F1F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D74323FF-612A-48EE-A03E-D49CAD828101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "21261207-0DF5-460A-9F9B-F8CADB78DAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A6F2E8-325C-4071-9862-8242B730B147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "578FB3FD-EA55-4A39-94D4-F4194C0F2BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C67B5857-3CD8-445A-B60D-C0285BB60A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2949A7DC-2955-4770-94CE-5AB9EEC3B1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B227D078-8298-4594-8F96-F2976F189B6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
},
{
"lang": "es",
"value": "El cliente Python en Apache Qpid anterior a v2.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre com\u00fan del sujeto (CN) o el campo subjectAltName del certificado X.509, permitiendo a los atacantes de hombre-en-medio (man-in-the-middle) falsificar servidores SSL mediante un certificado v\u00e1lido de su elecci\u00f3n."
}
],
"id": "CVE-2013-1909",
"lastModified": "2024-11-21T01:50:38.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-23T16:55:07.063",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53968"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54137"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/QPID-4918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/QPID-4918"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-06 15:15
Modified
2024-11-21 02:18
Severity ?
Summary
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1335817 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1335817 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace."
},
{
"lang": "es",
"value": "El kernel en Red Hat Enterprise Linux versiones 7 y MRG-2, no borra los datos basura para el b\u00fafer de SG_IO, lo que puede filtrar informaci\u00f3n confidencial en el espacio del usuario."
}
],
"id": "CVE-2014-8181",
"lastModified": "2024-11-21T02:18:43.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-06T15:15:10.737",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335817"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-15 20:55
Modified
2024-11-21 01:51
Severity ?
Summary
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E252E0BC-FCE3-40FA-9819-65999BD2F6A1",
"versionEndIncluding": "3.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "680D0E00-F29A-487C-8770-8E7EAC672B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCA96A4-A836-4E94-A39C-3AD3EA1D9611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "753C05E3-B603-4E36-B9BA-FAEDCBF62A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E385C2E0-B9F1-4564-8E6D-56FD9E762405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "041335D4-05E1-4004-9381-28AAD5994B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "370F2AE5-3DBC-46B9-AC70-F052C9229C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A971BE3-259D-4494-BBC5-12793D92DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4719A6-FDEA-4714-A830-E23A52AE90BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability."
},
{
"lang": "es",
"value": "La funci\u00f3n crypto_report_one en crypto / crypto_user.c en el API de informe del API de configuraci\u00f3n de cifrado de usuario en el kernel de Linux a trav\u00e9s de v3.8.2 utiliza un valor de longitud incorrecta durante una operaci\u00f3n de copia, que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel mediante el aprovechamiento de la capacidad CAP_NET_ADMIN."
}
],
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-2548 \"These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.\"",
"id": "CVE-2013-2548",
"lastModified": "2024-11-21T01:51:54.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-15T20:55:08.663",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2024-11-21 02:25
Severity ?
Summary
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB997E9A-FBEE-415A-9B18-37FCAEA17DB2",
"versionEndIncluding": "3.19.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
},
{
"lang": "es",
"value": "El subsistema VFS en el kernel de Linux 3.x provee un conjunto incompleto de requerimientos para operaciones setattr que subespecifica eliminando atributos de extensi\u00f3n de privilegios, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (desprovisi\u00f3n de capacidad) a trav\u00e9s de una invocaci\u00f3n fallida of a system call, seg\u00fan lo demostrado usando chown para eliminar una capacidad una capacidad de ping o del programa dumpcap de Wireshark."
}
],
"id": "CVE-2015-1350",
"lastModified": "2024-11-21T02:25:13.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-02T10:59:07.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76075"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-14 06:29
Modified
2024-11-21 03:14
Severity ?
Summary
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB470D9-2EFD-4F2C-838A-EF9815166D69",
"versionEndIncluding": "4.13.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG)."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un error en la funci\u00f3n hugetlb_mcopy_atomic_pte en mm/hugetlb.c en el kernel de Linux en versiones anteriores a la 4.13.12. La falta de comprobaci\u00f3n de tama\u00f1o podr\u00eda provocar una denegaci\u00f3n de servicio (error)."
}
],
"id": "CVE-2017-15128",
"lastModified": "2024-11-21T03:14:07.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-14T06:29:00.297",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15128"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-17 11:00
Modified
2024-11-21 01:36
Severity ?
Summary
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D700E9-ABBF-4CA7-908E-99146F8CED6E",
"versionEndExcluding": "3.0.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DAE145-A55C-472F-B276-341EA6940F6A",
"versionEndExcluding": "3.2.10",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EB74DEB4-2BD1-4A65-AFDA-C331BC20C178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF49412C-CF41-4251-B1FB-F0E63AC9E019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*",
"matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*",
"matchCriteriaId": "A5FA293A-23D8-445E-B08C-72B0A2A20EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
"matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:-:*:*:*",
"matchCriteriaId": "1A9E2971-0D30-4A8D-8BF8-99E4E9E4CF86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call."
},
{
"lang": "es",
"value": "El funcionalidad regset (tambi\u00e9n conocido como conjunto de registros) en el kernel de Linux antes de v3.2.10 no controla correctamente la ausencia de m\u00e9todos .\"set\" y \".get\", lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (desreferencia de puntero nulo) o, posiblemente, tener un impacto no especificado a trav\u00e9s de (1) un PTRACE_GETREGSET o (2) una llamada ptrace PTRACE_SETREGSET."
}
],
"id": "CVE-2012-1097",
"lastModified": "2024-11-21T01:36:24.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-05-17T11:00:37.227",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48842"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48898"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48964"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799209"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-10 11:55
Modified
2024-11-21 02:08
Severity ?
Summary
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_mrg | 2.0 | |
| canonical | ubuntu_linux | 12.04 | |
| debian | debian_linux | 7.0 | |
| opensuse | evergreen | 11.4 | |
| suse | linux_enterprise_software_development_kit | 12 | |
| suse | linux_enterprise_workstation_extension | 12 | |
| suse | suse_linux_enterprise_server | 10 | |
| suse | suse_linux_enterprise_server | 11 | |
| suse | suse_linux_enterprise_server | 11 | |
| suse | suse_linux_enterprise_server | 12 | |
| oracle | linux | 5 | |
| oracle | linux | 6 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81B7DEC7-B0D1-4A97-AFCC-888945125BF4",
"versionEndExcluding": "3.2.64",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15A5939-878C-4DD2-9BDF-308A9616CAC2",
"versionEndExcluding": "3.4.107",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6F5B79-847B-40A4-A86A-02ECF5222C5D",
"versionEndExcluding": "3.10.61",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE4711D-12D9-4BDA-86F5-6F6C3AF22A59",
"versionEndExcluding": "3.12.34",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFEC5060-1B1C-4215-BD50-21710B905775",
"versionEndExcluding": "3.14.25",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08",
"versionEndExcluding": "3.16.35",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C15DCCA4-4748-46FF-B6BC-C1F5C70E3B2B",
"versionEndExcluding": "3.17.4",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
"matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFA18B6-2642-470A-A350-68947529EE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "61853C27-E1A3-49BC-993D-6B32802F668F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
"matchCriteriaId": "ED960EC0-D881-428E-ACE7-516B92C44EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "C202F75B-221A-40BB-8A0D-451335B39937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
"matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c."
},
{
"lang": "es",
"value": "La implementaci\u00f3n SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de un chunk ASCONF malformado, relacionado con net/sctp/sm_make_chunk.c y net/sctp/sm_statefuns.c."
}
],
"id": "CVE-2014-3673",
"lastModified": "2024-11-21T02:08:37.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2014-11-10T11:55:06.580",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/62428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70883"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147850"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/62428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2024-11-21 01:08
Severity ?
Summary
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 6.5.4 | |
| condor_project | condor | 6.8.0 | |
| condor_project | condor | 6.8.1 | |
| condor_project | condor | 6.8.2 | |
| condor_project | condor | 6.8.3 | |
| condor_project | condor | 6.8.4 | |
| condor_project | condor | 6.8.5 | |
| condor_project | condor | 6.8.6 | |
| condor_project | condor | 6.8.7 | |
| condor_project | condor | 6.8.8 | |
| condor_project | condor | 6.8.9 | |
| condor_project | condor | 7.0.0 | |
| condor_project | condor | 7.0.1 | |
| condor_project | condor | 7.0.2 | |
| condor_project | condor | 7.0.3 | |
| condor_project | condor | 7.0.4 | |
| condor_project | condor | 7.0.5 | |
| condor_project | condor | 7.0.6 | |
| condor_project | condor | 7.1.0 | |
| condor_project | condor | 7.1.1 | |
| condor_project | condor | 7.1.2 | |
| condor_project | condor | 7.1.3 | |
| condor_project | condor | 7.1.4 | |
| condor_project | condor | 7.2.0 | |
| condor_project | condor | 7.2.1 | |
| condor_project | condor | 7.2.2 | |
| condor_project | condor | 7.2.3 | |
| condor_project | condor | 7.2.4 | |
| condor_project | condor | 7.3.0 | |
| condor_project | condor | 7.3.1 | |
| condor_project | condor | 7.3.2 | |
| condor_project | condor | 7.4.0 | |
| redhat | enterprise_mrg | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D17C7D49-C87C-4531-9F60-AEA8217BC47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E5E567-70BE-4C89-85BD-75BCA71D8DBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C82D2C15-DFD1-40E0-86FC-F48263416AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C8D4B5-3A8A-42BA-8C9A-98989FA23A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA32C2CA-B61F-449B-B90A-054AF177C296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "03F817A5-9926-4AB5-8D25-8B68DC905B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52BDAA46-4598-4DC2-8B1B-D85CBF649133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "524D6F4F-4715-4F68-A069-87CDEF8BB5DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3219F472-97A7-4A8E-A45C-DBFB3E25AA17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB2B77EF-FEC9-4433-8A15-5DF7F51B056D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:6.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6B67DCD1-6A39-4E77-AE65-9FADD3A267FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F3C190-977B-4FFA-8DA6-6C1DC337FE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC9E5EA-CD6B-401A-ACD5-0FA64A32DD5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5888B30-EFC0-49D7-BDFC-219226A3BE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5985B827-0494-4B99-A0CC-3F2DCB486BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D49E49-D7C3-4A8D-87DF-26BFE479F0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B921A880-DCC2-4AEB-A113-4AD520AA75D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C31EBEA-2CB0-4910-B644-BAA5CB900DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAA688-530F-4049-AEF7-B302F984DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
},
{
"lang": "es",
"value": "Condor v6.5.4 hasta v7.2.4, v7.3.x, y v7.4.0, como el usado en MRG, Grid para MRG, y Grid Execute Node para MRG, permite a usuarios autenticados remotamente encolar tareas como un usuario de su elecci\u00f3n, y de ese modo obtener privilegios, usando una herramienta de l\u00ednea de commandos Condor para modificar un atributo de tarea no especificado."
}
],
"id": "CVE-2009-4133",
"lastModified": "2024-11-21T01:08:59.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-23T18:30:00.687",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37766"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37803"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1023378"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/37443"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors."
},
{
"lang": "es",
"value": "cumin en Red Hat Enterprise MRG Grid 2.4 no hace cumplir correctamente los roles de usuario, lo cual permite a usuarios autenticados remotamente sortear restricciones de rol intencionadas y obtener informaci\u00f3n sensible o ejecutar operaciones privilegiadas a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-4404",
"lastModified": "2024-11-21T01:55:30.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T22:55:02.753",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-09 22:29
Modified
2024-11-21 02:18
Severity ?
Summary
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | - | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup."
},
{
"lang": "es",
"value": "El controlador de recursos de memoria (tambi\u00e9n conocido como memcg) en el kernel de Linux permite que usuarios locales provoquen una denegaci\u00f3n de servicio (deadlock) generando nuevos procesos en un cgroup con l\u00edmite de memoria."
}
],
"id": "CVE-2014-8171",
"lastModified": "2024-11-21T02:18:42.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-09T22:29:00.457",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74293"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-29 14:55
Modified
2024-11-21 01:53
Severity ?
Summary
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_mrg | 2.0 | |
| suse | linux_enterprise_desktop | 11 | |
| suse | linux_enterprise_high_availability_extension | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57E8C289-3BF2-4F0F-9413-105766968AB1",
"versionEndExcluding": "3.2.44",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1449D817-5FC8-4A96-B602-B5E6BDDEC08D",
"versionEndExcluding": "3.4.49",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAFC42D-F7F3-483C-9426-1C3027F9F631",
"versionEndExcluding": "3.8.8",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A3A907A3-2A3A-46D4-8D75-914649877B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:vmware:*:*:*:*:*",
"matchCriteriaId": "3A0D502F-9D9C-4D97-B030-141DDE88D4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call."
},
{
"lang": "es",
"value": "La implementacion ftrace en Linux Kernel anterior a v3.8.8 permite a usuarios locales provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda del sistema) o posiblemente tener otro impacto no especificado a trav\u00e9s del aprovechamiento de la capacidad CAP_SYS_ADMIN para el acceso de escritura a los ficheros (1) set_ftrace_pid o (2) set_graph_function y luego hacer una llamada al sistema \"lseek\"."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html \u0027CWE-476: NULL Pointer Dereference\u0027",
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-3301 \"This issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.\"",
"id": "CVE-2013-3301",
"lastModified": "2024-11-21T01:53:20.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-29T14:55:04.630",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.ubuntu.com/usn/USN-1834-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1835-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1836-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1838-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.ubuntu.com/usn/USN-1834-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1835-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1836-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1838-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-21 15:15
Modified
2024-11-21 01:40
Severity ?
Summary
cumin: At installation postgresql database user created without password
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2012-3460 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2012-3460 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cumin: At installation postgresql database user created without password"
},
{
"lang": "es",
"value": "cumin: en la instalaci\u00f3n de la base de datos de postgresql un usuario se cre\u00f3 sin contrase\u00f1a"
}
],
"id": "CVE-2012-3460",
"lastModified": "2024-11-21T01:40:55.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-21T15:15:11.667",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3460"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-14 06:29
Modified
2024-11-21 03:14
Severity ?
Summary
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2894F22-5448-4402-AE27-6E43BD08E14E",
"versionEndExcluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un error en la funci\u00f3n hugetlb_mcopy_atomic_pte en mm/hugetlb.c en el kernel de Linux en versiones anteriores a la 4.13. Un desbloqueo superfluo impl\u00edcito de p\u00e1gina para la representaci\u00f3n hugetlbfs de VM_SHARED podr\u00eda desembocar una denegaci\u00f3n de servicio local (error)."
}
],
"id": "CVE-2017-15127",
"lastModified": "2024-11-21T03:14:07.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-14T06:29:00.263",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/102517"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/102517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-460"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-18 17:00
Modified
2024-11-21 01:10
Severity ?
Summary
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | qpid | * | |
| redhat | enterprise_mrg | * | |
| redhat | enterprise_mrg | 1.0 | |
| redhat | enterprise_mrg | 1.0.1 | |
| redhat | enterprise_mrg | 1.0.2 | |
| redhat | enterprise_mrg | 1.0.3 | |
| redhat | enterprise_mrg | 1.1.1 | |
| redhat | enterprise_mrg | 1.1.2 | |
| redhat | enterprise_mrg | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5CF09-B7B3-4E40-8546-11230A9B7755",
"versionEndIncluding": "0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "059C1E78-7197-4A08-9E1A-138F82F949EE",
"versionEndIncluding": "1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data."
},
{
"lang": "es",
"value": "La funci\u00f3n Cluster::deliveredEvent de cluster/Cluster.cpp de Apache Qpid, tal como es utilizada en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio y del cluster) a trav\u00e9s de datos AMQP inv\u00e1lidos."
}
],
"id": "CVE-2009-5005",
"lastModified": "2024-11-21T01:10:58.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-18T17:00:02.457",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41812"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?revision=785788\u0026view=revision"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642373"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?revision=785788\u0026view=revision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 05:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2020/12/03/1 | Mailing List | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1900933 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d | Patch, Vendor Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210122-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/12/03/1 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1900933 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210122-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| redhat | openshift_container_platform | 4.4 | |
| redhat | openshift_container_platform | 4.5 | |
| redhat | openshift_container_platform | 4.6 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_mrg | 2.0 | |
| netapp | cloud_backup | - | |
| netapp | solidfire_baseboard_management_controller | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C371AE92-D5FD-45E1-91D6-0EE05FA6D21C",
"versionEndExcluding": "4.4.224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA91BF70-8648-4C4E-B605-538BF8A2FC27",
"versionEndExcluding": "4.9.224",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06E32062-F304-482F-AF76-B675892181D1",
"versionEndExcluding": "4.14.181",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16360395-8BB9-4929-ABD9-D4EEC5DF1F8D",
"versionEndExcluding": "4.19.124",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "514407C3-9A5E-4685-88D0-F8106DA8361E",
"versionEndExcluding": "5.4.42",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9116AC-779C-4BE7-92D1-757CC91A2355",
"versionEndExcluding": "5.6.14",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "44C5E433-229C-4BB9-8481-8A74AFA8DB8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D432C063-0805-4151-A819-508FE8954101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6B62E762-2878-455A-93C9-A5DB430D7BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u2019s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la implementaci\u00f3n de MIDI en el kernel de Linux, donde un atacante con una cuenta local y los permisos para emitir comandos ioctl a dispositivos midi podr\u00eda desencadenar un problema de uso despu\u00e9s de la liberaci\u00f3n. Una escritura en esta memoria espec\u00edfica mientras est\u00e1 liberada y antes de su uso hace que el flujo de ejecuci\u00f3n cambie y posiblemente permita la corrupci\u00f3n de memoria o la escalada de privilegios. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema"
}
],
"id": "CVE-2020-27786",
"lastModified": "2024-11-21T05:21:49.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T05:15:12.263",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-18 14:29
Modified
2024-11-21 02:08
Severity ?
Summary
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/101507 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1154977 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101507 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1154977 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_mrg:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A839A0F-4F02-4FD5-B22B-C5D30495B8D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates."
},
{
"lang": "es",
"value": "ovirt-engine, tal y como se emplea en Red Hat MRG 3, permite que atacantes Man-in-the-Middle (MitM) suplanten servidores aprovechando el error a la hora de verificar atributos de clave en certificados vdsm X.509."
}
],
"id": "CVE-2014-3706",
"lastModified": "2024-11-21T02:08:42.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-18T14:29:00.467",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101507"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-19 19:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8082D9CA-E5CC-4B92-9F45-E257F246069F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link."
},
{
"lang": "es",
"value": "Cumin (tambi\u00e9n conocido como MRG Management Console), utilizado en Red Hat Enterprise MRG 2.5, permite a atacantes con ciertos privilegios en la base de datos causar una denegaci\u00f3n de servicio (p\u00e1gina inaccesible) a trav\u00e9s de un caracter no ASCII en el nombre de un enlace."
}
],
"id": "CVE-2012-2682",
"lastModified": "2024-11-21T01:39:26.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-19T19:55:05.730",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830254"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-14 03:10
Modified
2024-11-21 01:42
Severity ?
Summary
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.8.0 | |
| redhat | enterprise_mrg | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1C1780-D08E-4E91-9379-CC6070360859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option."
},
{
"lang": "es",
"value": "aviary/jobcontrol.py de Condor, es usado en Red Hat Enterprise MRG v2.3, cuando se eliminan tareas, permite a atacantes remotos causar una denegaci\u00f3n de servicios (condor_schedd reinicio) a trav\u00e9s de corchetes en la opci\u00f3n cproc."
}
],
"id": "CVE-2012-4462",
"lastModified": "2024-11-21T01:42:56.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-14T03:10:23.503",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-27 10:59
Modified
2024-11-21 02:52
Severity ?
Summary
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | vm_server | 3.3 | |
| oracle | vm_server | 3.4 | |
| oracle | linux | 5.0 | |
| oracle | linux | 6 | |
| oracle | linux | 7 | |
| linux | linux_kernel | * | |
| novell | suse_linux_enterprise_real_time_extension | 12.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_for_real_time | 7.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_hpc_node_eus | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.2 | |
| redhat | enterprise_linux_server_eus | 7.2 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D62B2C-40E5-41B7-9DAA-029BCD079054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA58099-26F7-4B01-B9FC-275F012FE9C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC099084-12C9-4396-ABC7-F389CFAD871E",
"versionEndIncluding": "4.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "B2905A9C-3E00-4188-8341-E5C2F62EF405",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA3C94F-5FA1-4805-A3EC-6E27AE9AB10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "079318CC-8A10-401B-8BC9-8CD28C3F1797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."
},
{
"lang": "es",
"value": "La funci\u00f3n key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versi\u00f3n 4.6.3 no asegura que cierta estructura de datos est\u00e9 inicializada, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de vectores involucrando un comando keyctl request2 manipulado."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
"id": "CVE-2016-4470",
"lastModified": "2024-11-21T02:52:17.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-27T10:59:08.720",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3051-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3052-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3053-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3054-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3055-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3056-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-3057-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3051-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3052-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3053-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3054-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3055-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3056-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3057-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-27 10:59
Modified
2024-11-21 02:28
Severity ?
Summary
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| oracle | linux | 5.0 | |
| oracle | solaris | 11.3 | |
| redhat | enterprise_mrg | 2.5 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEE6ECD-D1F2-433F-BE74-04408D3D6EA5",
"versionEndIncluding": "3.19.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8082D9CA-E5CC-4B92-9F45-E257F246069F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message."
},
{
"lang": "es",
"value": "La funci\u00f3n ndisc_router_discovery en net/ipv6/ndisc.c en la implementaci\u00f3n de protocolo Neighbor Discovery (ND) en la pila IPv6 en el kernel de Linux anterior a 3.19.6 permite a atacantes remotos reconfigurar una configuraci\u00f3n \u0027hop-limit\u0027 a trav\u00e9s de un valor hop_limit peque\u00f1o en un mensaje Router Advertisement (RA)."
}
],
"id": "CVE-2015-2922",
"lastModified": "2024-11-21T02:28:19.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-27T10:59:06.987",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74315"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032417"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-30 14:29
Modified
2024-11-21 03:31
Severity ?
Summary
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "429C1A9C-998E-457D-8DE5-1CCBA72086E8",
"versionEndExcluding": "3.2.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEC5142-D74C-40FD-9F20-286B9566A40E",
"versionEndExcluding": "3.10.108",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63252E95-BB44-4171-81B3-530571754ACD",
"versionEndExcluding": "3.16.45",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCD44DB-A537-4F77-B2DC-E0F3EF3FC431",
"versionEndExcluding": "3.18.59",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F6B255F-0933-4983-B3F6-AD5B128A8F04",
"versionEndExcluding": "4.1.43",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "210DE424-BB18-453F-8EC0-528DB62330A3",
"versionEndExcluding": "4.4.75",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "756E8245-FDA8-4533-839F-003E1102C971",
"versionEndExcluding": "4.9.35",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC396324-C7F1-4F5F-8C7B-1F084DF92D5B",
"versionEndExcluding": "4.11.8",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
},
{
"lang": "es",
"value": "en el kernel de Linux en versiones anteriores a la 4.12, los tickets de Kerberos 5 descifrados al emplear las claves RXRPC de forma incorrecta asumen el tama\u00f1o de un campo. Esto podr\u00eda conducir a un wrapping de la variable que mantiene el tama\u00f1o y en que el puntero de datos vaya m\u00e1s all\u00e1 final del b\u00fafer. Esto podr\u00eda conducir a una corrupci\u00f3n de memoria y a un posible escalado de privilegios."
}
],
"id": "CVE-2017-7482",
"lastModified": "2024-11-21T03:31:59.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-30T14:29:02.990",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q2/602"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99299"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038787"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3927"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q2/602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3945"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-29 14:55
Modified
2024-11-21 01:50
Severity ?
Summary
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "742BDE9E-0B47-4B85-A030-588C6E37FB15",
"versionEndIncluding": "3.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test."
},
{
"lang": "es",
"value": "La funcion ext4_orphan_del en fs/ext4/namei.c en Linux Kernel anterior a v3.7.3 no maneja adecuadamente las cabeceras orphan-list para sistemas de ficheros non-journal, lo que permite causar a atacantes f\u00edsicamente pr\u00f3ximos una denegaci\u00f3n de servicio (bloqueo del sistema) a trav\u00e9s de un sistema de archivos dise\u00f1ado en medios extra\u00edbles, como se demostr\u00f3 en el test de e2fsprogs tests/f_orphan_extents_inode/image.gz."
}
],
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-2015 \"This issue affects the versions of the Linux kernel as shipped with\r\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel\r\nupdates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may\r\naddress this issue.\"",
"id": "CVE-2013-2015",
"lastModified": "2024-11-21T01:50:51.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-29T14:55:04.587",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/04/26/16"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=957123"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/04/26/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=957123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the \"Max allowance\" field in the \"Set limit\" form."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en la interfaz web de cumin en Red Hat Enterprise MRG Grid 2.4 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s del campo \"Max allowance\" en el formulario \"Set limit\"."
}
],
"id": "CVE-2013-4414",
"lastModified": "2024-11-21T01:55:31.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T22:55:02.817",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F8005D-23A1-4666-B194-18D895721E7A",
"versionEndExcluding": "4.4.182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26",
"versionEndExcluding": "4.9.182",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658",
"versionEndExcluding": "4.14.127",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4",
"versionEndExcluding": "4.19.52",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5",
"versionEndExcluding": "5.1.11",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."
},
{
"lang": "es",
"value": "Jonathan Looney descubri\u00f3 que la implementaci\u00f3n de la cola de retransmisi\u00f3n de TCP en tcp_fragment en el kernel de Linux podr\u00eda estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit f070ef2ac66716357066b683fb0baf55f8191a2e."
}
],
"id": "CVE-2019-11478",
"lastModified": "2024-11-21T04:21:09.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T00:15:12.687",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"source": "security@ubuntu.com",
"url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
},
{
"source": "security@ubuntu.com",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "security@ubuntu.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"source": "security@ubuntu.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"source": "security@ubuntu.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"source": "security@ubuntu.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"source": "security@ubuntu.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"source": "security@ubuntu.com",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"source": "security@ubuntu.com",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
},
{
"source": "security@ubuntu.com",
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"source": "security@ubuntu.com",
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K26618426"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"source": "security@ubuntu.com",
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"source": "security@ubuntu.com",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "security@ubuntu.com",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security@ubuntu.com",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"source": "security@ubuntu.com",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K26618426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-10 10:55
Modified
2024-11-21 01:55
Severity ?
Summary
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349CF165-D41B-4B08-B7C0-EEB5722E87FB",
"versionEndIncluding": "3.11.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D47A395-821D-4BFF-996E-E849D9A40217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*",
"matchCriteriaId": "AB1EDDA7-15AF-4B45-A931-DFCBB1EEB701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "680D0E00-F29A-487C-8770-8E7EAC672B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCA96A4-A836-4E94-A39C-3AD3EA1D9611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "753C05E3-B603-4E36-B9BA-FAEDCBF62A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E385C2E0-B9F1-4564-8E6D-56FD9E762405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "041335D4-05E1-4004-9381-28AAD5994B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "370F2AE5-3DBC-46B9-AC70-F052C9229C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A971BE3-259D-4494-BBC5-12793D92DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4719A6-FDEA-4714-A830-E23A52AE90BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27ADC356-6BE9-43A3-9E0B-393DC4B1559A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F543D23-1774-4D14-A7D1-AD49EDEA94DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC323F58-CA00-4C3C-BA4D-CC2C0A6E5F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA0B2E3-668D-40ED-9D3D-709EB6449F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3431B258-4EC8-4E7F-87BB-4D934880601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B09FA1E-8B28-4F2A-BA7E-8E1C40365970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91917120-9D68-41C0-8B5D-85C256BC6200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD268A0-096C-4C31-BEC5-D47F5149D462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "32BD2427-C47F-4660-A1D9-448E500EF5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "02048CE5-81C7-4DFB-BC40-CE4C86B7E022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "934D2B37-0575-4A75-B00B-0028316D6DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "06754C21-995C-4850-A4DC-F21826C0F8C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "42633FF9-FB0C-4095-B4A1-8D623A98683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "08C04619-89A2-4B15-82A2-48BCC662C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5B039196-7159-476C-876A-C61242CC41DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*",
"matchCriteriaId": "BEE406E7-87BA-44BA-BF61-673E6CC44A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*",
"matchCriteriaId": "29FBA173-658F-45DC-8205-934CACD67166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*",
"matchCriteriaId": "139700F0-BA32-40CF-B9DF-C9C450384FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E578085C-3968-4543-BEBA-EE3C3CB4FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA441-68FB-4559-A245-FF0B79DE43CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2508D8-6571-4B81-A0D7-E494CCD039CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B516926-5E86-4C0A-85F3-F64E1FCDA249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "069D774D-79BE-479F-BF4E-F021AD808114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D15B27A9-46E0-4DDF-A00C-29F8F1F18D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A381BB4A-28B4-4672-87EE-91B3DDD6C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "922F80CF-937D-4FA2-AFF2-6E47FFE9E1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A548ADF4-9E3B-407C-A5ED-05150EB3A185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C623230-4497-41B9-9BD2-7A6CFDD77983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C72FA8A6-60A6-4486-A245-7BEF8B2A2711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0A498D90-BB99-405E-9FA6-1FBFE179787E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D32776-8ADB-4E79-846A-C0C99FED19E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D01673-D13F-487F-81B6-1279C187277E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB27A3E-78E4-40F7-9716-A1099B0D85FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16E7136A-A8A6-4BF5-AF5D-AFB5C7A10712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE127AC-E61D-427A-B998-D60DF5AABA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3819FF99-AEC5-4466-8542-D395419E4308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E621FA1A-464B-4D2A-A0D6-EDA475A3709B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B760B422-EA11-43AB-B6D2-CA54E7229663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D2CA7BBC-917C-4F31-A442-465C30444836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE778000-4FD5-4032-86CE-5930EF4CB7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3344EEB-F037-48FE-81DC-67F6384F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0244B0CA-9C67-4F06-BFBA-1F257112AC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "639E3A57-A9E7-40E6-8929-81CCC0060EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07012ADD-F521-40A8-B067-E87C2238A3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5FF393-3F89-4274-B82B-F671358072ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E348698F-54D1-4F5E-B701-CFAF50881E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
"matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2A5DA2-081C-4524-AE73-F9EFB23B412A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87927ABB-0BDC-493C-B4F4-E979B03DAC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data."
},
{
"lang": "es",
"value": "Error de superaci\u00f3n en la funci\u00f3n get_prng_bytes en crypto/ansi_cprng.c en el kernel de Linux hasta la versi\u00f3n 3.11.4 hace que sea m\u00e1s f\u00e1cil para atacantes dependientes del contexto anular mecanismos de protecci\u00f3n criptogr\u00e1ficos a trav\u00e9s de m\u00faltiples peticiones por peque\u00f1as cantidades de datos, que conduce a la gesti\u00f3n inadecuada del estado de los datos consumidos."
}
],
"id": "CVE-2013-4345",
"lastModified": "2024-11-21T01:55:23.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-10T10:55:06.380",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=linux-crypto-vger\u0026m=137942122902845\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/62740"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2064-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2065-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2070-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2075-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2158-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=linux-crypto-vger\u0026m=137942122902845\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/62740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2064-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2065-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2070-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2075-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2158-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-19 15:15
Modified
2024-11-21 01:46
Severity ?
Summary
Nokogiri before 1.5.4 is vulnerable to XXE attacks
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1178970 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/sparklemotion/nokogiri/issues/693 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://nokogiri.org/CHANGELOG.html#154-2012-06-12 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1178970 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sparklemotion/nokogiri/issues/693 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nokogiri.org/CHANGELOG.html#154-2012-06-12 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nokogiri | nokogiri | * | |
| redhat | cloudforms_management_engine | 5.0 | |
| redhat | openshift | 2.0 | |
| redhat | openstack | 4.0 | |
| redhat | openstack | 6.0 | |
| redhat | openstack_foreman | - | |
| redhat | satellite | 6.0 | |
| redhat | subscription_asset_manager | - | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB203B5A-2979-4C08-8E90-EEA32EE5ACB0",
"versionEndExcluding": "1.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7098B44F-56BF-42E3-8831-48D0A8E99EE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "884F5BE8-59F5-4502-9765-F3A3E505570F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_foreman:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C77E4AD2-8BB5-427E-90BA-CB43B3684179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E2C740-099C-427F-846D-951A2A1BF07E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
},
{
"lang": "es",
"value": "Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE."
}
],
"id": "CVE-2012-6685",
"lastModified": "2024-11-21T01:46:40.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T15:15:11.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sparklemotion/nokogiri/issues/693"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sparklemotion/nokogiri/issues/693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-05 17:55
Modified
2024-11-21 02:09
Severity ?
Summary
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| suse | linux_enterprise_desktop | 10.0 | |
| redhat | enterprise_linux | 5 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_mrg | 2.0 | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14.1 | |
| linux | linux_kernel | 3.14.2 | |
| linux | linux_kernel | 3.14.3 | |
| linux | linux_kernel | 3.14.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10.0:sp4:*:*:lts:*:*:*",
"matchCriteriaId": "CF4268F0-C7DB-4680-B82E-DC8EF78BFC3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64AC2C28-4430-4AE4-A540-C4AF96D94B53",
"versionEndIncluding": "3.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*",
"matchCriteriaId": "851B1505-0318-49F4-8D7C-196BE04FF173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B1817B5C-356A-44FD-A645-AF224A59F6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3B528018-4A7E-4E59-A7CA-91D2A9536831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1795E18E-AE30-4230-809F-E40317FB96BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F91AF02-7C23-4888-A580-07C166BE8128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*",
"matchCriteriaId": "61A7DB5C-EB54-4D4A-AB38-8060F13C8779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4FF2C86B-7087-4EFC-A256-3AF313C25325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*",
"matchCriteriaId": "14AC6A73-D01C-44F4-9821-BAE9600E72D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*",
"matchCriteriaId": "055557BE-1FE9-45F5-8A95-F8D3C9B031E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "742641DA-1CAE-4156-95F3-367793713696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBDD96-92E4-429F-A697-14364CF68EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "998AC0EF-FC56-4F8F-B9B2-1A45C80C2231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6C7930-913B-4B82-BF14-CD9A0E8A968F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number."
},
{
"lang": "es",
"value": "kernel/auditsc.c en el kernel de Linux hasta 3.14.5, cuando CONFIG_AUDITSYSCALL est\u00e1 habilitado con ciertas normas syscall, permite a usuarios locales obtener valores de un \u00fanico bit potencialmente sensibles de la memoria del kernel o causar una denegaci\u00f3n de servicio (OOPS) a trav\u00e9s de un valor grande de un n\u00famero syscall."
}
],
"id": "CVE-2014-3917",
"lastModified": "2024-11-21T02:09:07.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T17:55:07.307",
"references": [
{
"source": "cve@mitre.org",
"url": "http://article.gmane.org/gmane.linux.kernel/1713179"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1143.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1281.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59777"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60011"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60564"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/29/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://article.gmane.org/gmane.linux.kernel/1713179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1143.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/29/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102571"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-15 20:55
Modified
2024-11-21 01:51
Severity ?
Summary
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E252E0BC-FCE3-40FA-9819-65999BD2F6A1",
"versionEndIncluding": "3.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "680D0E00-F29A-487C-8770-8E7EAC672B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCA96A4-A836-4E94-A39C-3AD3EA1D9611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "753C05E3-B603-4E36-B9BA-FAEDCBF62A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E385C2E0-B9F1-4564-8E6D-56FD9E762405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "041335D4-05E1-4004-9381-28AAD5994B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "370F2AE5-3DBC-46B9-AC70-F052C9229C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A971BE3-259D-4494-BBC5-12793D92DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4719A6-FDEA-4714-A830-E23A52AE90BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability."
},
{
"lang": "es",
"value": "La funci\u00f3n crypto_report_one en crypto / crypto_user.c en el API de informe en el API de configuraci\u00f3n de cifrado de usuario en el kernel de Linux a trav\u00e9s de v3.8.2 no inicializa la estructura de algunos miembros, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del n\u00facleo mont\u00f3n aprovechando la CAP_NET_ADMIN capacidad."
}
],
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-2547 \"These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.\"",
"id": "CVE-2013-2547",
"lastModified": "2024-11-21T01:51:54.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-15T20:55:08.633",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-08 14:15
Modified
2024-11-21 04:27
Severity ?
Summary
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | 5.0.10 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BC04A270-6381-4956-B12B-4E970BB69149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
},
{
"lang": "es",
"value": "La correcci\u00f3n para el CVE-2019-11599, que afectaba al kernel de Linux versiones anteriores a 5.0.10, no estaba completa. Un usuario local podr\u00eda usar este fallo para conseguir infomaci\u00f3n confidencial, causar una denegaci\u00f3n de servicio o posiblemente tener otros impactos no especificados al desencadenar una condici\u00f3n de carrera on llamadas de mmget_not_zero o get_task_mm."
}
],
"id": "CVE-2019-14898",
"lastModified": "2024-11-21T04:27:38.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-08T14:15:11.640",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "secalert@redhat.com",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Severity ?
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "190D94DD-9CDB-413B-9A15-BFBDB1BB127C",
"versionEndExcluding": "3.16.69",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D641CA66-86A4-4172-9D98-206C31578C5E",
"versionEndExcluding": "4.4.182",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26",
"versionEndExcluding": "4.9.182",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658",
"versionEndExcluding": "4.14.127",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4",
"versionEndExcluding": "4.19.52",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5",
"versionEndExcluding": "5.1.11",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
},
{
"lang": "es",
"value": "Jonathan Looney detect\u00f3 que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de enteros en el kernel de Linux durante el manejo del Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
}
],
"id": "CVE-2019-11477",
"lastModified": "2024-11-21T04:21:09.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@ubuntu.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T00:15:12.640",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-28 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060C6B85-1F7F-40E7-82C6-7E4DFB3B6459",
"versionEndIncluding": "3.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter."
},
{
"lang": "es",
"value": "La funci\u00f3n chase_port en drivers/usb/serial/io_ti.c en el kernel de Linux anteriores a v3.7.4 permite a usuarios locales provocar una denegaci\u00f3n de servicio (desreferencia puntero NULL y ca\u00edda del sistema) /dev/ttyUSB a trav\u00e9s de un intento de leer o escribir en un convertidor serie Edgeport USB desconectado."
}
],
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-1774\r\n\"This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.\"",
"id": "CVE-2013-1774",
"lastModified": "2024-11-21T01:50:21.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-28T19:55:01.777",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/29"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1808-1"
},
{
"source": "secalert@redhat.com",
"url": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1808-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-11 03:00
Modified
2024-11-21 01:21
Severity ?
Summary
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| redhat | enterprise_mrg | 1.0 | |
| vmware | esx | 4.0 | |
| vmware | esx | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B2D05E-354E-4EBF-BC0D-2ABC8CCD36E6",
"versionEndIncluding": "2.6.33",
"versionStartIncluding": "2.6.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2422569B-02ED-4028-83D8-D778657596B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E66E4653-1A55-4827-888B-E0776E32ED28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6C8994CB-7F94-43FB-8B84-06AEBB34EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "95DD4647-564E-4067-A945-F52232C0A33A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en el kernel de Linux 2.6.11-rc2 hasta 2.6.33. Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (kernel panic) a trav\u00e9s de un mensaje no enrutable ICMP a un socket que ya se encuentra bloqueado por un usuario, lo que provoca que el socket sea liberado y una corrupci\u00f3n de lista. Relacionado con la funci\u00f3n sctp_wait_for_connect."
}
],
"id": "CVE-2010-4526",
"lastModified": "2024-11-21T01:21:08.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-11T03:00:04.203",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/42964"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/46397"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/13"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45661"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2011/0169"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/42964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/46397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/45661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2011/0169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key."
},
{
"lang": "es",
"value": "Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0, usa numeros aleatorios predecibles para generar claves de sesi\u00f3n, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos a la hora de adivinar la clave de sesi\u00f3n."
}
],
"id": "CVE-2012-2681",
"lastModified": "2024-11-21T01:39:26.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:00.787",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-11 14:55
Modified
2024-11-21 02:01
Severity ?
Summary
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8082D9CA-E5CC-4B92-9F45-E257F246069F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
},
{
"lang": "es",
"value": "Cumin (tambi\u00e9n conocido como MRG Management Console), utilizado en Red Hat Enterprise MRG 2.5, no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de la sesi\u00f3n, lo que facilita a atacantes remotos obtener informaci\u00f3n potencialmente sensible a trav\u00e9s del acceso de secuencias de comandos a esta cookie."
}
],
"id": "CVE-2014-0174",
"lastModified": "2024-11-21T02:01:33.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-11T14:55:03.617",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 7.5.4 | |
| redhat | enterprise_mrg | 2.0 | |
| redhat | enterprise_mrg | 2.1 | |
| redhat | enterprise_mrg | 2.2 | |
| redhat | enterprise_mrg | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE7A59E-1CF0-4DE8-84ED-5B6434C86574",
"versionEndIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2A5DA2-081C-4524-AE73-F9EFB23B412A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87927ABB-0BDC-493C-B4F4-E979B03DAC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15856E6B-7BF3-4377-8708-574F3F7334D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
},
{
"lang": "es",
"value": "La pol\u00edtica de definici\u00f3n evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL pol\u00edtica que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegaci\u00f3n de servicio (salida condor_startd) a trav\u00e9s de un trabajo manipulad"
}
],
"id": "CVE-2013-4255",
"lastModified": "2024-11-21T01:55:13.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-11T22:55:39.910",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-23 22:55
Modified
2024-11-21 01:55
Severity ?
Summary
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the \"filtering table operator.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el interfaz web para \"cumin\" en Red Hat Enterprise MRG Grid 2.4 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores relacionados con el \"filtrado de la tabla de operador\"."
}
],
"id": "CVE-2013-4461",
"lastModified": "2024-11-21T01:55:36.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-23T22:55:02.833",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-07 22:00
Modified
2024-11-21 01:20
Severity ?
Summary
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60D3DD4A-2984-4929-BF6A-30B8CE9B2974",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins."
},
{
"lang": "es",
"value": "La documentaci\u00f3n de instalaci\u00f3n de Red Hat Enterprise Messaging, Realtime and\r\nGrid (MRG) v1.3 recomienda que Condor debe ser configurado para que la consola de gestion de MRG (cumin) pueda enviar tareas a los usuarios, lo que crea un canal de confianza\r\ncon insuficientes controles de acceso, lo que permite ejecutar tareas como un usuario cualquiera a usuarios locales con la\r\ncapacidad de publicar a un broker a trav\u00e9s de las extensiones de Condor QMF."
}
],
"id": "CVE-2010-4179",
"lastModified": "2024-11-21T01:20:23.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-07T22:00:02.640",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42406"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1024806"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3091"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/3091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-06-05 17:55
Modified
2024-11-21 02:09
Severity ?
Summary
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_mrg | 2.0 | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14 | |
| linux | linux_kernel | 3.14.1 | |
| linux | linux_kernel | 3.14.2 | |
| linux | linux_kernel | 3.14.3 | |
| linux | linux_kernel | 3.14.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64AC2C28-4430-4AE4-A540-C4AF96D94B53",
"versionEndIncluding": "3.14.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:-:*:*:*:*:*:*",
"matchCriteriaId": "851B1505-0318-49F4-8D7C-196BE04FF173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B1817B5C-356A-44FD-A645-AF224A59F6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3B528018-4A7E-4E59-A7CA-91D2A9536831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1795E18E-AE30-4230-809F-E40317FB96BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc4:*:*:*:*:*:*",
"matchCriteriaId": "0F91AF02-7C23-4888-A580-07C166BE8128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc5:*:*:*:*:*:*",
"matchCriteriaId": "61A7DB5C-EB54-4D4A-AB38-8060F13C8779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc6:*:*:*:*:*:*",
"matchCriteriaId": "4FF2C86B-7087-4EFC-A256-3AF313C25325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc7:*:*:*:*:*:*",
"matchCriteriaId": "14AC6A73-D01C-44F4-9821-BAE9600E72D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14:rc8:*:*:*:*:*:*",
"matchCriteriaId": "055557BE-1FE9-45F5-8A95-F8D3C9B031E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "742641DA-1CAE-4156-95F3-367793713696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBDD96-92E4-429F-A697-14364CF68EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "998AC0EF-FC56-4F8F-B9B2-1A45C80C2231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6C7930-913B-4B82-BF14-CD9A0E8A968F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c."
},
{
"lang": "es",
"value": "El kernel de Linux hasta 3.14.5 no considera debidamente la presencia de entradas hugetlb, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria o ca\u00edda de sistema) mediante el acceso a ciertas localizaciones de memoria, tal y como fue demostrado mediante el aprovechamiento de una condici\u00f3n de carrera a trav\u00e9s de operaciones de lectura numa_maps durante la migraci\u00f3n a hugepage, relacionado con fs/proc/task_mmu.c y mm/mempolicy.c."
}
],
"id": "CVE-2014-3940",
"lastModified": "2024-11-21T02:09:10.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-05T17:55:07.573",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59011"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61310"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/06/02/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67786"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097"
},
{
"source": "cve@mitre.org",
"url": "https://lkml.org/lkml/2014/3/18/784"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/06/02/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lkml.org/lkml/2014/3/18/784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-24 23:55
Modified
2024-11-21 01:28
Severity ?
Summary
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "156989A4-23D9-434A-B512-9C0F3583D13D",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de IPv6 en el kernel de Linux antes de v3.1 no genera valores de los fragmentos de identificaci\u00f3n por separado para cada destino, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos causar una denegaci\u00f3n de servicio (red interrumpida) mediante la predicci\u00f3n de estos valores y el env\u00edo de paquetes modificados."
}
],
"id": "CVE-2011-2699",
"lastModified": "2024-11-21T01:28:47.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-05-24T23:55:01.963",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027274"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1027274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-17 11:00
Modified
2024-11-21 01:36
Severity ?
Summary
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C16692B-B239-405B-998B-114907D6243D",
"versionEndExcluding": "3.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EB74DEB4-2BD1-4A65-AFDA-C331BC20C178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF49412C-CF41-4251-B1FB-F0E63AC9E019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*",
"matchCriteriaId": "A6B7CDCA-6F39-4113-B5D3-3AA9D7F3D809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
"matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:-:*:*:*",
"matchCriteriaId": "1A9E2971-0D30-4A8D-8BF8-99E4E9E4CF86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO."
},
{
"lang": "es",
"value": "La funci\u00f3n cifs_lookup en fs/cifs/dir.c en el n\u00facleo de Linux anteriores a v3.2.10 permite a usuarios locales causar una denegaci\u00f3n de servicio (OOPS) a trav\u00e9s de intentos de acceso a un archivo especial, como lo demuestra un FIFO."
}
],
"id": "CVE-2012-1090",
"lastModified": "2024-11-21T01:36:23.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-05-17T11:00:37.053",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48842"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48964"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/28/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798293"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/88d7d4e4a439f32acc56a6d860e415ee71d3df08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/48964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/88d7d4e4a439f32acc56a6d860e415ee71d3df08"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-10 10:55
Modified
2024-11-21 01:27
Severity ?
Summary
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_mrg | 2.0 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 | |
| canonical | ubuntu_linux | 11.04 | |
| canonical | ubuntu_linux | 11.10 | |
| debian | debian_linux | 5.0 | |
| debian | debian_linux | 6.0 | |
| debian | debian_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4367A8B9-ABB9-4E4E-9A2A-85719CBE8DAC",
"versionEndIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd."
},
{
"lang": "es",
"value": "net / core / net_namespace.c en el kernel de Linux v2.6.32 y anteriores no maneja adecuadamente una alta tasa de creaci\u00f3n y limpieza de los espacios de nombres de red, lo cual lo hace m\u00e1s f\u00e1cil para los atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de peticiones a un demonio que requiere un espacio de nombres separados por conexi\u00f3n, como se demuestra por vsftpd."
}
],
"id": "CVE-2011-2189",
"lastModified": "2024-11-21T01:27:46.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2011-10-10T10:55:05.503",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373"
},
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289"
},
{
"source": "secalert@redhat.com",
"url": "http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://patchwork.ozlabs.org/patch/88217/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2305"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/10"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/20"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1288-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711134"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://patchwork.ozlabs.org/patch/88217/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2011/dsa-2305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711245"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-10 11:55
Modified
2024-11-21 02:08
Severity ?
Summary
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| redhat | enterprise_mrg | 2.0 | |
| canonical | ubuntu_linux | 12.04 | |
| debian | debian_linux | 7.0 | |
| novell | suse_linux_enterprise_desktop | 12.0 | |
| novell | suse_linux_enterprise_server | 12.0 | |
| opensuse | evergreen | 11.4 | |
| suse | linux_enterprise_real_time_extension | 11 | |
| suse | linux_enterprise_software_development_kit | 12 | |
| suse | linux_enterprise_workstation_extension | 12 | |
| suse | suse_linux_enterprise_server | 11 | |
| oracle | linux | 5 | |
| oracle | linux | 6 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D4AA1-56D7-4CA2-9F6B-AFF5DC295374",
"versionEndExcluding": "3.2.64",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E15A5939-878C-4DD2-9BDF-308A9616CAC2",
"versionEndExcluding": "3.4.107",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6F5B79-847B-40A4-A86A-02ECF5222C5D",
"versionEndExcluding": "3.10.61",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE4711D-12D9-4BDA-86F5-6F6C3AF22A59",
"versionEndExcluding": "3.12.34",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFEC5060-1B1C-4215-BD50-21710B905775",
"versionEndExcluding": "3.14.25",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08",
"versionEndExcluding": "3.16.35",
"versionStartIncluding": "3.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C15DCCA4-4748-46FF-B6BC-C1F5C70E3B2B",
"versionEndExcluding": "3.17.4",
"versionStartIncluding": "3.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3DB41B45-D94D-4A58-88B0-B3EC3EC350E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
"matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9DFA18B6-2642-470A-A350-68947529EE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "C202F75B-221A-40BB-8A0D-451335B39937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
"matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter."
},
{
"lang": "es",
"value": "La funci\u00f3n sctp_assoc_lookup_asconf_ack en net/sctp/associola.c en la implementaci\u00f3n SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (kernel panic) a trav\u00e9s de trozos ASCONF duplicados que provocan una liberaci\u00f3n incorrecta dentro del int\u00e9rprete de efectos secundarios."
}
],
"id": "CVE-2014-3687",
"lastModified": "2024-11-21T02:08:39.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2014-11-10T11:55:06.627",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/62428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70766"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/62428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-09 15:15
Modified
2024-11-21 05:11
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20201222-0001/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20201222-0001/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en una implementaci\u00f3n del kernel de Linux de algunos protocolos de red en IPsec, como los t\u00faneles VXLAN y GENEVE sobre IPv6.\u0026#xa0;Cuando es creado un t\u00fanel cifrado entre dos hosts, el kernel no enruta correctamente los datos en el t\u00fanel por medio del enlace cifrado;\u0026#xa0;en lugar de enviar los datos sin cifrar.\u0026#xa0;Esto permitir\u00eda a cualquiera que se encuentre entre los dos endpoints leer el tr\u00e1fico sin cifrar.\u0026#xa0;La principal amenaza de esta vulnerabilidad es la confidencialidad de los datos."
}
],
"id": "CVE-2020-1749",
"lastModified": "2024-11-21T05:11:18.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-09T15:15:10.300",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-19 16:29
Modified
2024-11-21 02:37
Severity ?
Summary
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.2 | |
| redhat | enterprise_linux | 7.3 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.3 | |
| redhat | enterprise_linux_server_aus | 7.4 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| redhat | enterprise_mrg | 2.0 | |
| redhat | kernel-rt | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4DC974-235F-4655-966F-2490A4C4E490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B99A2411-7F6A-457F-A7BF-EB13C630F902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:kernel-rt:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "91CBEE52-268D-4EA2-8DEB-090F88BA50CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot."
},
{
"lang": "es",
"value": "El kernel de Linux, tal y como se emplea en Red Hat Enterprise Linux 7, kernel-rt y Enterprise MRG 2 y cuando se emplea con UEFI Secure Boot habilitado, permite que usuarios locales omitan las restricciones securelevel/secureboot previstas aprovechando la gesti\u00f3n incorrecta de la marca secure_boot cuando se reinicia kexec."
}
],
"id": "CVE-2015-7837",
"lastModified": "2024-11-21T02:37:29.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-19T16:29:00.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/15/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77097"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/15/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-09 14:54
Modified
2024-11-21 01:55
Severity ?
Summary
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE39763-E666-4001-BDD3-0B11D4531366",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request."
},
{
"lang": "es",
"value": "Cumin, tal como se usa en Red Hat Enterprise MRG 2.4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (CPU y consumo de memoria) a trav\u00e9s de una petici\u00f3n de actualizaci\u00f3n Ajax manipulada."
}
],
"id": "CVE-2013-4284",
"lastModified": "2024-11-21T01:55:16.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-09T14:54:26.467",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1294.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1295.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1029122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1294.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1295.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029122"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cumin antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de una cookie de sesi\u00f3n modificada a mano."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html \u0027CWE-384: Session Fixation\u0027",
"evaluatorImpact": "Per: http://rhn.redhat.com/errata/RHSA-2012-1278.html\r\n\r\n\" An authenticated user able to\r\npre-set the Cumin session cookie in a victim\u0027s browser could possibly use\r\nthis flaw to steal the victim\u0027s session after they log into Cumin.\"",
"id": "CVE-2012-2735",
"lastModified": "2024-11-21T01:39:32.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.070",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:40
Severity ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor."
},
{
"lang": "es",
"value": "Cumin, antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permite a usuarios remotos autenticados modificar los atributos Condor y posiblemente obtener privilegios adicionales a trav\u00e9s de par\u00e1metros modificados en una solicitud HTTP POST, lo que provoca una petici\u00f3n de cambio de atributo de un trabajo (job) de Condor."
}
],
"id": "CVE-2012-3459",
"lastModified": "2024-11-21T01:40:55.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.147",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55632"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-11 16:29
Modified
2024-11-21 04:42
Severity ?
Summary
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E6CFAF-D31D-4E5F-BB85-AC66A715BFF4",
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B15608-BABC-4663-A58F-B74BD2D1A734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*",
"matchCriteriaId": "36E85B24-30F2-42AB-9F68-8668C0FCC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CB3640-F55B-4127-875A-2F52D873D179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77C61DDC-81F3-4E2D-9CAA-17A256C85443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B0DA79-DF12-4418-B075-F048C9E2979A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B92409A9-0D6B-4B7E-8847-1B63837D201F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C5860E-9FEB-4259-92FD-A85911E2F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una fuga de informaci\u00f3n de direcciones en memoria din\u00e1mica mientras se usaba L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1."
}
],
"id": "CVE-2019-3459",
"lastModified": "2024-11-21T04:42:05.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-11T16:29:02.180",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"source": "security@debian.org",
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/"
},
{
"source": "security@debian.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-18 17:00
Modified
2024-11-21 01:10
Severity ?
Summary
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | qpid | * | |
| redhat | enterprise_mrg | * | |
| redhat | enterprise_mrg | 1.0 | |
| redhat | enterprise_mrg | 1.0.1 | |
| redhat | enterprise_mrg | 1.0.2 | |
| redhat | enterprise_mrg | 1.0.3 | |
| redhat | enterprise_mrg | 1.1.1 | |
| redhat | enterprise_mrg | 1.1.2 | |
| redhat | enterprise_mrg | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5CF09-B7B3-4E40-8546-11230A9B7755",
"versionEndIncluding": "0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "059C1E78-7197-4A08-9E1A-138F82F949EE",
"versionEndIncluding": "1.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange."
},
{
"lang": "es",
"value": "La funci\u00f3n SessionAdapter::ExchangeHandlerImpl::checkAlternate de broker/SessionAdapter.cpp del componente C++ Broker de Apache Qpid en versiones anteriores a la v0.6, tal como es utilizado en Red Hat Enterprise MRG en versiones anteriores a la v1.3 y otros productos, permite a usuarios autenticados remotos provocar una denegaci\u00f3n de servicio (resoluci\u00f3n de puntero NULL, ca\u00edda del demonio, y apag\u00f3n del cluster) tratando de modificar el suplente de un intercambio."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2009-5006",
"lastModified": "2024-11-21T01:10:58.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-18T17:00:02.610",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41812"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/QPID-2080"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://issues.apache.org/jira/browse/QPID-2080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""
},
{
"lang": "es",
"value": "Cumin, antes de v0.1.5444, tal y como lo utiliza Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 no restringe adecuadamente el acceso a los recursos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con (1) las p\u00e1ginas web (2) ls funcionalidad de exportaci\u00f3n\", y (3) la \"visualizaci\u00f3n de im\u00e1genes\"."
}
],
"id": "CVE-2012-2680",
"lastModified": "2024-11-21T01:39:26.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:00.727",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2024-11-21 01:11
Severity ?
Summary
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | * | |
| condor_project | condor | 7.4.0 | |
| redhat | enterprise_mrg | 1.0 | |
| redhat | enterprise_mrg | 1.0.1 | |
| redhat | enterprise_mrg | 1.0.2 | |
| redhat | enterprise_mrg | 1.0.3 | |
| redhat | enterprise_mrg | 1.1.1 | |
| redhat | enterprise_mrg | 1.1.2 | |
| redhat | enterprise_mrg | 1.2 | |
| redhat | enterprise_mrg | 1.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEB31F-4DF7-4639-A1E7-6BAAB4CA7303",
"versionEndIncluding": "7.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD09E081-B714-45A1-ACBB-28D805BFD01C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBC7F3E0-9E2A-4FBF-A4E5-9CCBC8D4C7CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
},
{
"lang": "es",
"value": "La pol\u00edtica de definici\u00f3n evaluadora en Condor anterior a la versi\u00f3n 7.4.2 no maneja adecuadamente atributos en una pol\u00edtica WANT_SUSPEND que da como resultado un estado UNDEFINIED, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (condor_startd exit) a trav\u00e9s de un trabajo manipulado."
}
],
"id": "CVE-2009-5136",
"lastModified": "2024-11-21T01:11:14.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-11T22:55:35.910",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"source": "cve@mitre.org",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-12 19:15
Modified
2024-11-21 05:00
Severity ?
Summary
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 20.04 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74C74C8C-8070-4FB7-8E86-26641C4EE4FF",
"versionEndExcluding": "5.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de control de acceso de se\u00f1al en el kernel de Linux versiones anteriores a 5.6.5, se conoce como CID-7395ea4e65c2. Porque la funci\u00f3n exec_id en el archivo include/linux/sched.h presenta solo 32 bits, un desbordamiento de enteros puede interferir con un mecanismo de protecci\u00f3n do_notify_parent. Un proceso secundario puede enviar una se\u00f1al arbitraria hacia un proceso primario en un dominio de seguridad diferente. Las limitaciones de explotaci\u00f3n incluyen la cantidad de tiempo transcurrido antes de que ocurra un desbordamiento de enteros y una falta de escenarios donde las se\u00f1ales en un proceso primario presenten una amenaza operacional sustancial."
}
],
"id": "CVE-2020-12826",
"lastModified": "2024-11-21T05:00:20.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-12T19:15:11.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-12 21:00
Modified
2024-11-21 01:19
Severity ?
Summary
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | enterprise_mrg | * | |
| redhat | enterprise_mrg | 1.0 | |
| redhat | enterprise_mrg | 1.0.1 | |
| redhat | enterprise_mrg | 1.0.2 | |
| redhat | enterprise_mrg | 1.0.3 | |
| redhat | enterprise_mrg | 1.1.1 | |
| redhat | enterprise_mrg | 1.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A675B98-74ED-46B3-AFE8-80B478D344B2",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message."
},
{
"lang": "es",
"value": "lib/MessageStoreImpl.cpp en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 permite a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de la pila de la memoria y ca\u00edda del sistema) mediante un mensaje persistente grande."
}
],
"id": "CVE-2010-3701",
"lastModified": "2024-11-21T01:19:25.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-12T21:00:02.210",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634014"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640006"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) \"error message displays\" or (2) \"in source HTML on certain pages.\""
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados relacionados con (1) \"los mensajes de error\" o (2) \"el c\u00f3digo fuente HTML de algunas p\u00e1ginas\"."
}
],
"id": "CVE-2012-2683",
"lastModified": "2024-11-21T01:39:26.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:00.867",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-15 20:55
Modified
2024-11-21 01:51
Severity ?
Summary
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E252E0BC-FCE3-40FA-9819-65999BD2F6A1",
"versionEndIncluding": "3.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "680D0E00-F29A-487C-8770-8E7EAC672B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCA96A4-A836-4E94-A39C-3AD3EA1D9611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "753C05E3-B603-4E36-B9BA-FAEDCBF62A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E385C2E0-B9F1-4564-8E6D-56FD9E762405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "041335D4-05E1-4004-9381-28AAD5994B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "370F2AE5-3DBC-46B9-AC70-F052C9229C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A971BE3-259D-4494-BBC5-12793D92DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4719A6-FDEA-4714-A830-E23A52AE90BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability."
},
{
"lang": "es",
"value": "El API de informe en el API de configuraci\u00f3n de cifrado del usuario en el kernel Linux v3.8.2 utiliza una funci\u00f3n incorrecta de biblioteca C para copiar las cadenas, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria de pila del n\u00facleo mediante el aprovechamiento de la capacidad CAP_NET_ADMIN."
}
],
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-2546 \"These issues do affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.\"",
"id": "CVE-2013-2546",
"lastModified": "2024-11-21T01:51:54.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-15T20:55:08.600",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de fasificaci\u00f3n de peticiones en sitios cruzados (CSRF) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios de su elecci\u00f3n para solicitudes que ejecutan comandos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-2734",
"lastModified": "2024-11-21T01:39:31.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:01.007",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-28 17:55
Modified
2024-11-21 01:39
Severity ?
Summary
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trevor_mckay | cumin | * | |
| trevor_mckay | cumin | 0.1.3160-1 | |
| trevor_mckay | cumin | 0.1.4369-1 | |
| trevor_mckay | cumin | 0.1.4410-2 | |
| trevor_mckay | cumin | 0.1.4494-1 | |
| trevor_mckay | cumin | 0.1.4794-1 | |
| trevor_mckay | cumin | 0.1.4916-1 | |
| trevor_mckay | cumin | 0.1.5033-1 | |
| trevor_mckay | cumin | 0.1.5037-1 | |
| trevor_mckay | cumin | 0.1.5054-1 | |
| trevor_mckay | cumin | 0.1.5068-1 | |
| trevor_mckay | cumin | 0.1.5092-1 | |
| trevor_mckay | cumin | 0.1.5098-2 | |
| trevor_mckay | cumin | 0.1.5105-1 | |
| trevor_mckay | cumin | 0.1.5137-1 | |
| trevor_mckay | cumin | 0.1.5137-2 | |
| trevor_mckay | cumin | 0.1.5137-3 | |
| trevor_mckay | cumin | 0.1.5137-4 | |
| trevor_mckay | cumin | 0.1.5137-5 | |
| trevor_mckay | cumin | 0.1.5192-1 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
"versionEndIncluding": "0.1.5192-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
"matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
"matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
"matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
"matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
"matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
"matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la funci\u00f3n get_sample_filters_by_signature en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permiten la ejecuci\u00f3n remota de SQL arbitrarias a trav\u00e9s de (1) el id del agente (2) el id del objeto."
}
],
"id": "CVE-2012-2684",
"lastModified": "2024-11-21T01:39:26.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-28T17:55:00.913",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55618"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-09 13:15
Modified
2024-11-21 04:56
Severity ?
Summary
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| opensuse | leap | 15.1 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_mrg | 2.0 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | steelstore_cloud_integrated_storage | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3070DCFB-4E15-456C-BE89-B03EAEBA93B1",
"versionEndExcluding": "4.9.227",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EAB43B-A485-4EEB-88CE-4F8EB793A283",
"versionEndExcluding": "4.14.184",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58378D83-E3CE-4858-9262-7393EC735F83",
"versionEndExcluding": "4.19.127",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C33C9CA-D039-43DF-8ACA-98E1D044A093",
"versionEndExcluding": "5.4.45",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2FE86C-FA1D-4BC8-B3BE-61E5DE47F1CE",
"versionEndExcluding": "5.6.17",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E822416-1757-40A4-A387-E1C797E531F1",
"versionEndExcluding": "5.7.1",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manej\u00f3 DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema"
}
],
"id": "CVE-2020-10757",
"lastModified": "2024-11-21T04:56:00.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-09T13:15:10.430",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842525"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://usn.ubuntu.com/4426-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://usn.ubuntu.com/4426-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-12 21:00
Modified
2024-11-21 01:17
Severity ?
Summary
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | qpid | 0.5 | |
| apache | qpid | 0.6 | |
| redhat | enterprise_mrg | * | |
| redhat | enterprise_mrg | 1.0 | |
| redhat | enterprise_mrg | 1.0.1 | |
| redhat | enterprise_mrg | 1.0.2 | |
| redhat | enterprise_mrg | 1.0.3 | |
| redhat | enterprise_mrg | 1.1.1 | |
| redhat | enterprise_mrg | 1.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:qpid:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71A147B7-2E6B-4E7A-8C68-BEDFCACD57AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:qpid:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "760A5796-9BB5-45A3-AB0E-D3639D487A76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A675B98-74ED-46B3-AFE8-80B478D344B2",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E172C-4FBD-40AA-91F1-2858A74C5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A4D28-0EC4-4584-9126-A47003CD06AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12EE56E2-D7B7-4BF6-BC1F-86B8EE77F064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9A3A7B-4A61-4F2C-A8F9-D428B690294E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C6E954-7BBE-4214-9407-86322372FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED639614-7AE8-4DDE-9FE3-1554FE59202C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake."
},
{
"lang": "es",
"value": "sys/ssl/SslSocket.cpp en qpidd en Apache Qpid, como se usa en Red Hat Enterprise MRG en versiones anteriores a la 1.2.2 y otros productos, cuando SSL est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (parada de demonio) conectando al puerto SSL pero no participando en una negociaci\u00f3n SSL."
}
],
"id": "CVE-2010-3083",
"lastModified": "2024-11-21T01:17:59.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-12T21:00:02.103",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/10/08/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/10/08/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-28 19:55
Modified
2024-11-21 01:50
Severity ?
Summary
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:rc7:*:*:*:*:*:*",
"matchCriteriaId": "7DA95FF4-881D-44C4-B6A9-6B6A6DECCC18",
"versionEndIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D47A395-821D-4BFF-996E-E849D9A40217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*",
"matchCriteriaId": "8A603291-33B4-4195-B52D-D2A9938089C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la implementaci\u00f3n del sistema de ficheros VFAT en el kernel de Linux antes de v3.3 que permite a usuarios locales obtener privilegios o causar denegaci\u00f3n de servicios por una operaci\u00f3n de escritura VFAT en el sistema de ficheros con la opci\u00f3n de montado UTF-8, que no maneja correctamente conversiones de UTF-8 a UTF-16."
}
],
"evaluatorImpact": "Per https://access.redhat.com/security/cve/CVE-2013-1773\r\n\"This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.\"",
"id": "CVE-2013-1773",
"lastModified": "2024-11-21T01:50:21.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-28T19:55:01.667",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/23248/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/88310"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58200"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916115"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/23248/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/88310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-10 18:15
Modified
2024-11-21 01:33
Severity ?
Summary
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| condor_project | condor | 7.2.0 | |
| condor_project | condor | 7.2.1 | |
| condor_project | condor | 7.2.2 | |
| condor_project | condor | 7.2.3 | |
| condor_project | condor | 7.2.4 | |
| condor_project | condor | 7.2.5 | |
| condor_project | condor | 7.3.0 | |
| condor_project | condor | 7.3.1 | |
| condor_project | condor | 7.3.2 | |
| condor_project | condor | 7.4.0 | |
| condor_project | condor | 7.4.1 | |
| condor_project | condor | 7.4.2 | |
| condor_project | condor | 7.5.4 | |
| condor_project | condor | 7.6.0 | |
| condor_project | condor | 7.6.1 | |
| condor_project | condor | 7.6.2 | |
| condor_project | condor | 7.6.3 | |
| condor_project | condor | 7.6.4 | |
| fedoraproject | fedora | 15 | |
| fedoraproject | fedora | 16 | |
| redhat | enterprise_mrg | 1.3 | |
| redhat | enterprise_mrg | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91D459-EF92-430A-98E8-1131D8BD8682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C54D26-9124-49E6-8EBA-00AE0640633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3AD33E-A617-4C13-8858-7DCEDE3FDC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C66F0D08-3AE5-482A-B6AD-717475EB2D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAC286B-A140-44E8-9B29-60B96A6B4555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14883865-8C31-4D40-B969-D61FE18920C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F44106D-CD31-4FF2-A589-A7A7492FC0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D973598A-90C0-4AE0-A047-17866BD6DC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05A424B0-D3AF-4AF6-8575-4AD6B8E91E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AA2890-BEC9-4AD6-AF74-6EC810E22AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68301687-793B-4A68-B1FB-A2B941A230C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55E4CE41-D1AF-4187-AA26-FCDEA2F52E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8464E672-FEB8-4EC2-97EA-D6615DB22F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2260133-CF29-4F2F-A05E-ED5FF10F190A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8B138A-F2DF-4B12-8B00-CC234D7E4BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33F6FDB7-FB85-4879-81E8-CBC0BA027C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A225C35-3DF2-4C5A-B3D6-BC70FCB6C241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:condor_project:condor:7.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BA94AB-761B-44BB-A188-FC609789BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60D3DD4A-2984-4929-BF6A-30B8CE9B2974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cadena de formato en Condor 7.2.0 hasta 7.6.4 y posiblemente ciertas versiones 7.7.x, como las utilizadas en Red Hat MRG Grid y posiblemente otros productos, permiten a usuarios locales causar una denegaci\u00f3n de servicio (demonio condor_schedd y fallo en el lanzamiento de trabajos) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena de especificadores de formato en (1) la raz\u00f3n de un retraso en un trabajo que utiliza un registro de usuario XML, (2) el nombre de un archivo pendiente de transferir y posiblemente otros vectores no especificados."
}
],
"id": "CVE-2011-4930",
"lastModified": "2024-11-21T01:33:19.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-10T18:15:09.310",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"source": "secalert@redhat.com",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-07 14:59
Modified
2024-11-21 02:50
Severity ?
Summary
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | - | |
| redhat | enterprise_mrg | 2.0 | |
| redhat | linux | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd."
},
{
"lang": "es",
"value": "El kernel de Linux, tal como se utiliza en Red Hat Enterprise Linux 7.2 y Red Hat Enterprise MRG 2 y cuando se arranca con UEFI Secure Boot habilitado, permite a usuarios locales eludir las restricciones destinadas a Secure Boot y ejecutar c\u00f3digo no confiable a\u00f1adiendo tablas ACPI para el initrd."
}
],
"id": "CVE-2016-3699",
"lastModified": "2024-11-21T02:50:31.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-07T14:59:03.897",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/93114"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/93114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-18 22:29
Modified
2024-11-21 03:53
Severity ?
Summary
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_mrg | 2.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7B0E80-3E3F-4B73-AC57-4D6989EF9805",
"versionEndExcluding": "3.16.65",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA41D1F8-EFFE-4EC9-B0AE-C5FFE82B6F74",
"versionEndExcluding": "3.18.133",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F2AFB8-B8E8-496E-8107-FACE504D851D",
"versionEndExcluding": "4.4.171",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6FA30C2-06D9-4FC0-A64A-4D30FBF34810",
"versionEndExcluding": "4.9.151",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF1D6FF-6D18-4CEB-B3A5-21FCF8A36055",
"versionEndExcluding": "4.14.94",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD130255-0E04-4A26-94E8-CF4C39A962B1",
"versionEndExcluding": "4.19.16",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB066CC3-3C28-424B-A71C-352F4947F7FB",
"versionEndExcluding": "4.20.3",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
},
{
"lang": "es",
"value": "Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. Las comparticiones de NFS41+ montadas en diferentes espacios de nombre al mismo tiempo pueden hacer que bc_svc_process() emplee el ID de canal trasero err\u00f3neo y provoque una vulnerabilidad de uso de memoria previamente liberada. As\u00ed, un usuario contenedor malicioso puede provocar la corrupci\u00f3n de la memoria host del kernel y un p\u00e1nico del sistema. Debido a la naturaleza del error, no se puede descartar totalmente un escalado de privilegios."
}
],
"id": "CVE-2018-16884",
"lastModified": "2024-11-21T03:53:31.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-18T22:29:04.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106253"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2696"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2730"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://patchwork.kernel.org/cover/10733767/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://patchwork.kernel.org/patch/10733769/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K21430012"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3980-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3980-2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3981-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://patchwork.kernel.org/cover/10733767/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://patchwork.kernel.org/patch/10733769/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K21430012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3980-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3980-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3981-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-04 21:55
Modified
2024-11-21 01:51
Severity ?
Summary
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
"matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "7D47A395-821D-4BFF-996E-E849D9A40217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
"matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
"matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*",
"matchCriteriaId": "8A603291-33B4-4195-B52D-D2A9938089C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
"matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
"matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
"matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:x86:*",
"matchCriteriaId": "8C3D9C66-933A-469E-9073-75015A8AD17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:x86:*",
"matchCriteriaId": "C92F29A0-DEFF-49E4-AE86-5DBDAD51C677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:x86:*",
"matchCriteriaId": "5690A703-390D-4D8A-9258-2F47116DAB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:x86:*",
"matchCriteriaId": "AB1EDDA7-15AF-4B45-A931-DFCBB1EEB701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:x86:*",
"matchCriteriaId": "952FE0DC-B2ED-4080-BF29-A2C265E83FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
"matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:x86:*",
"matchCriteriaId": "1CE7ABDB-6572-40E8-B952-CBE52C999858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
"matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:x86:*",
"matchCriteriaId": "0F417186-D1ED-4A31-92B2-83DEDA1AF272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
"matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:x86:*",
"matchCriteriaId": "3D4FCFAE-918C-4886-9A17-08A5B94D35F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:x86:*",
"matchCriteriaId": "830D2914-C9FE-406F-AFCE-7A04BB9E2896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:x86:*",
"matchCriteriaId": "F4B791B5-2EB5-403A-90CC-B219F6277D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:x86:*",
"matchCriteriaId": "2BA5F34D-7490-4B2B-A7E6-8450F9C1FC31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:x86:*",
"matchCriteriaId": "B803FE64-FC8D-4650-9FB9-FEEED4340416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:x86:*",
"matchCriteriaId": "4C560A9A-2388-4980-9E88-118C5EB806B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "680D0E00-F29A-487C-8770-8E7EAC672B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCA96A4-A836-4E94-A39C-3AD3EA1D9611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "753C05E3-B603-4E36-B9BA-FAEDCBF62A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E385C2E0-B9F1-4564-8E6D-56FD9E762405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "041335D4-05E1-4004-9381-28AAD5994B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "370F2AE5-3DBC-46B9-AC70-F052C9229C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7A971BE3-259D-4494-BBC5-12793D92DB57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4719A6-FDEA-4714-A830-E23A52AE90BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27ADC356-6BE9-43A3-9E0B-393DC4B1559A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F543D23-1774-4D14-A7D1-AD49EDEA94DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FC323F58-CA00-4C3C-BA4D-CC2C0A6E5F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA0B2E3-668D-40ED-9D3D-709EB6449F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3431B258-4EC8-4E7F-87BB-4D934880601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B09FA1E-8B28-4F2A-BA7E-8E1C40365970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91917120-9D68-41C0-8B5D-85C256BC6200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "42633FF9-FB0C-4095-B4A1-8D623A98683B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "08C04619-89A2-4B15-82A2-48BCC662C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5B039196-7159-476C-876A-C61242CC41DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*",
"matchCriteriaId": "BEE406E7-87BA-44BA-BF61-673E6CC44A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*",
"matchCriteriaId": "29FBA173-658F-45DC-8205-934CACD67166",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*",
"matchCriteriaId": "139700F0-BA32-40CF-B9DF-C9C450384FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E578085C-3968-4543-BEBA-EE3C3CB4FA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA441-68FB-4559-A245-FF0B79DE43CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2508D8-6571-4B81-A0D7-E494CCD039CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B516926-5E86-4C0A-85F3-F64E1FCDA249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "069D774D-79BE-479F-BF4E-F021AD808114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D15B27A9-46E0-4DDF-A00C-29F8F1F18D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A381BB4A-28B4-4672-87EE-91B3DDD6C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "922F80CF-937D-4FA2-AFF2-6E47FFE9E1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A548ADF4-9E3B-407C-A5ED-05150EB3A185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C623230-4497-41B9-9BD2-7A6CFDD77983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A91DB1A2-8160-46FE-AB5F-ECABD9A384F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive."
},
{
"lang": "es",
"value": "La funci\u00f3n mmc_ioctl_cdrom_read_data en drivers/cdrom/cdrom.c en el kernel de Linux hasta v3.10 permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de operaciones de lectura en una unidad de CD-ROM que no funcione correctamente"
}
],
"id": "CVE-2013-2164",
"lastModified": "2024-11-21T01:51:10.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-04T21:55:00.997",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2766"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/10/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1912-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1913-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1941-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1942-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/10/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1912-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1913-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1941-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1942-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973100"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-2682
Vulnerability from cvelistv5
Published
2014-07-19 19:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0858.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=830254 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-0859.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830254"
},
{
"name": "RHSA-2014:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-19T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=830254"
},
{
"name": "RHSA-2014:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2682",
"datePublished": "2014-07-19T19:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2164
Vulnerability from cvelistv5
Published
2013-07-04 21:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"name": "USN-1913-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1913-1"
},
{
"name": "SUSE-SU-2013:1473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "RHSA-2013:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "DSA-2766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2766"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2"
},
{
"name": "[oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/10/9"
},
{
"name": "SUSE-SU-2013:1474",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973100"
},
{
"name": "USN-1941-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1941-1"
},
{
"name": "USN-1942-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1942-1"
},
{
"name": "USN-1912-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1912-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-28T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
},
{
"name": "USN-1913-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1913-1"
},
{
"name": "SUSE-SU-2013:1473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "RHSA-2013:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "DSA-2766",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2766"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2"
},
{
"name": "[oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/06/10/9"
},
{
"name": "SUSE-SU-2013:1474",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973100"
},
{
"name": "USN-1941-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1941-1"
},
{
"name": "USN-1942-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1942-1"
},
{
"name": "USN-1912-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1912-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2164",
"datePublished": "2013-07-04T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8171
Vulnerability from cvelistv5
Published
2018-02-09 22:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-0068.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-0864.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-2152.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1198109 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/74293 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2015-2411.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"name": "RHSA-2015:0864",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"name": "RHSA-2015:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
},
{
"name": "74293",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74293"
},
{
"name": "RHSA-2015:2411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-09T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:0068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"
},
{
"name": "RHSA-2015:0864",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"name": "RHSA-2015:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198109"
},
{
"name": "74293",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74293"
},
{
"name": "RHSA-2015:2411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8171",
"datePublished": "2018-02-09T22:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:51.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4255
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1172.html | vendor-advisory, x_refsource_REDHAT | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1171.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=919401 | x_refsource_CONFIRM | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"name": "RHSA-2013:1171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1172.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786"
},
{
"name": "RHSA-2013:1171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1171.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919401"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4255",
"datePublished": "2013-10-11T22:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-08-06T16:38:01.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4526
Vulnerability from cvelistv5
Published
2011-01-11 01:00
Modified
2024-08-07 03:51
Severity ?
EPSS score ?
Summary
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html"
},
{
"name": "[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/13"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/3"
},
{
"name": "45661",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45661"
},
{
"name": "ADV-2011-0169",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819"
},
{
"name": "kernel-icmp-message-dos(64616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
},
{
"name": "42964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:0163",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0163.html"
},
{
"name": "[oss-security] 20110104 Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/13"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46397"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "[oss-security] 20110104 CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/04/3"
},
{
"name": "45661",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45661"
},
{
"name": "ADV-2011-0169",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=50b5d6ad63821cea324a5a7a19854d4de1a0a819"
},
{
"name": "kernel-icmp-message-dos(64616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64616"
},
{
"name": "42964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42964"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4526",
"datePublished": "2011-01-11T01:00:00",
"dateReserved": "2010-12-09T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2683
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243 | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html | vendor-advisory, x_refsource_FEDORA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78772 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243"
},
{
"name": "FEDORA-2012-17863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
},
{
"name": "FEDORA-2012-17854",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
},
{
"name": "cumin-redhat-xss(78772)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) \"error message displays\" or (2) \"in source HTML on certain pages.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830243"
},
{
"name": "FEDORA-2012-17863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
},
{
"name": "FEDORA-2012-17854",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
},
{
"name": "cumin-redhat-xss(78772)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2683",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2925
Vulnerability from cvelistv5
Published
2011-09-19 15:00
Modified
2024-08-06 23:15
Severity ?
EPSS score ?
Summary
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1026021 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/45928 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/49500 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/75217 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/45887 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2011-1250.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=731574 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-1249.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69659 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:15:32.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1026021",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026021"
},
{
"name": "45928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45928"
},
{
"name": "49500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49500"
},
{
"name": "75217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75217"
},
{
"name": "45887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45887"
},
{
"name": "RHSA-2011:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1250.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=731574"
},
{
"name": "RHSA-2011:1249",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1249.html"
},
{
"name": "cumin-log-files-sec-bypass(69659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1026021",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026021"
},
{
"name": "45928",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45928"
},
{
"name": "49500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49500"
},
{
"name": "75217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75217"
},
{
"name": "45887",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45887"
},
{
"name": "RHSA-2011:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1250.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=731574"
},
{
"name": "RHSA-2011:1249",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1249.html"
},
{
"name": "cumin-log-files-sec-bypass(69659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69659"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2925",
"datePublished": "2011-09-19T15:00:00",
"dateReserved": "2011-07-27T00:00:00",
"dateUpdated": "2024-08-06T23:15:32.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14898
Vulnerability from cvelistv5
Published
2020-05-08 13:50
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1790 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Linux kernel | kernel |
Version: < 5.0.10 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux kernel",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14898",
"datePublished": "2020-05-08T13:50:58",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7837
Vulnerability from cvelistv5
Published
2017-09-19 16:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1272472 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-2152.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/77097 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2015/10/15/6 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2015-2411.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472"
},
{
"name": "RHSA-2015:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"name": "77097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77097"
},
{
"name": "[oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/15/6"
},
{
"name": "RHSA-2015:2411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472"
},
{
"name": "RHSA-2015:2152",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"name": "77097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77097"
},
{
"name": "[oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/15/6"
},
{
"name": "RHSA-2015:2411",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798",
"refsource": "CONFIRM",
"url": "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1272472"
},
{
"name": "RHSA-2015:2152",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2152.html"
},
{
"name": "77097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77097"
},
{
"name": "[oss-security] 20151015 Re: CVE Request - Linux kernel - securelevel/secureboot bypass.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/15/6"
},
{
"name": "RHSA-2015:2411",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2411.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7837",
"datePublished": "2017-09-19T16:00:00",
"dateReserved": "2015-10-15T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3917
Vulnerability from cvelistv5
Published
2014-06-05 17:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.
References
| ▼ | URL | Tags |
|---|---|---|
| http://article.gmane.org/gmane.linux.kernel/1713179 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2335-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.ubuntu.com/usn/USN-2334-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://secunia.com/advisories/60564 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/59777 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2014-1143.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/60011 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2014/05/29/5 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1102571 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[linux-kernel] 20140528 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.kernel/1713179"
},
{
"name": "USN-2335-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name": "USN-2334-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "60564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60564"
},
{
"name": "59777",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59777"
},
{
"name": "RHSA-2014:1143",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1143.html"
},
{
"name": "60011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60011"
},
{
"name": "[oss-security] 20140529 Re: CVE request: Linux kernel DoS with syscall auditing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/29/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102571"
},
{
"name": "RHSA-2014:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1281.html"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-08T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[linux-kernel] 20140528 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.linux.kernel/1713179"
},
{
"name": "USN-2335-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name": "USN-2334-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "60564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60564"
},
{
"name": "59777",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59777"
},
{
"name": "RHSA-2014:1143",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1143.html"
},
{
"name": "60011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60011"
},
{
"name": "[oss-security] 20140529 Re: CVE request: Linux kernel DoS with syscall auditing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/29/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102571"
},
{
"name": "RHSA-2014:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1281.html"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[linux-kernel] 20140528 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.linux.kernel/1713179"
},
{
"name": "USN-2335-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2335-1"
},
{
"name": "USN-2334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2334-1"
},
{
"name": "60564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60564"
},
{
"name": "59777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59777"
},
{
"name": "RHSA-2014:1143",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1143.html"
},
{
"name": "60011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60011"
},
{
"name": "[oss-security] 20140529 Re: CVE request: Linux kernel DoS with syscall auditing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/29/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1102571",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102571"
},
{
"name": "RHSA-2014:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1281.html"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3917",
"datePublished": "2014-06-05T17:00:00",
"dateReserved": "2014-05-29T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2685
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78774 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
},
{
"name": "cumin-redhat-dos(78774)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830248"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
},
{
"name": "cumin-redhat-dos(78774)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78774"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2685",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10757
Vulnerability from cvelistv5
Published
2020-06-09 12:40
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842525"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "FEDORA-2020-203ffedeb5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0004/"
},
{
"name": "USN-4439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"name": "USN-4426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4426-1/"
},
{
"name": "USN-4440-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4483-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions after 4.5-rc1."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T14:06:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9"
},
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842525"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "FEDORA-2020-203ffedeb5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC/"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0004/"
},
{
"name": "USN-4439-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4439-1/"
},
{
"name": "USN-4426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4426-1/"
},
{
"name": "USN-4440-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4440-1/"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4483-1/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10757",
"datePublished": "2020-06-09T12:40:56",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:15.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3706
Vulnerability from cvelistv5
Published
2017-10-18 14:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/101507 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1154977 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101507"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-21T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "101507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101507"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3706",
"datePublished": "2017-10-18T14:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11477
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Linux | Linux kernel |
Version: 4.4 < 4.4.182 Version: 4.9 < 4.9.182 Version: 4.14 < 4.14.127 Version: 4.19 < 4.19.52 Version: 5.1 < 5.1.11 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"name": "RHSA-2019:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.4.182",
"status": "affected",
"version": "4.4",
"versionType": "custom"
},
{
"lessThan": "4.9.182",
"status": "affected",
"version": "4.9",
"versionType": "custom"
},
{
"lessThan": "4.14.127",
"status": "affected",
"version": "4.14",
"versionType": "custom"
},
{
"lessThan": "4.19.52",
"status": "affected",
"version": "4.19",
"versionType": "custom"
},
{
"lessThan": "5.1.11",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Looney from Netflix"
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:56",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"name": "RHSA-2019:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4017-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
],
"discovery": "UNKNOWN"
},
"title": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "SACK Panic",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-06-17T00:00:00.000Z",
"ID": "CVE-2019-11477",
"STATE": "PUBLIC",
"TITLE": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4",
"version_value": "4.4.182"
},
{
"version_affected": "\u003c",
"version_name": "4.9",
"version_value": "4.9.182"
},
{
"version_affected": "\u003c",
"version_name": "4.14",
"version_value": "4.14.127"
},
{
"version_affected": "\u003c",
"version_name": "4.19",
"version_value": "4.19.52"
},
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.11"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Looney from Netflix"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#905115",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/20/3"
},
{
"name": "RHSA-2019:1594",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic",
"refsource": "MISC",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/tcpsack",
"refsource": "MISC",
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"name": "https://support.f5.com/csp/article/K78234183",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K78234183"
},
{
"name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_28",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/4017-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11477",
"datePublished": "2019-06-18T23:34:51.026970Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-17T02:21:15.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2735
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78776 | vdb-entry, x_refsource_XF | |
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151 | x_refsource_MISC | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "cumin-redhat-session-hijacking(78776)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "cumin-redhat-session-hijacking(78776)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78776"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2735",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2548
Vulnerability from cvelistv5
Published
2013-03-14 20:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1796-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 | x_refsource_CONFIRM | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.ubuntu.com/usn/USN-1797-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2013/03/05/13 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-1793-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html | vendor-advisory, x_refsource_SUSE | |
| http://www.ubuntu.com/usn/USN-1794-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.ubuntu.com/usn/USN-1795-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1796-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"name": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2548",
"datePublished": "2013-03-14T20:00:00",
"dateReserved": "2013-03-08T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3701
Vulnerability from cvelistv5
Published
2010-10-12 20:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2010-0756.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=634014 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=640006 | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2010-0757.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640006"
},
{
"name": "RHSA-2010:0757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-12T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=634014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640006"
},
{
"name": "RHSA-2010:0757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3701",
"datePublished": "2010-10-12T20:00:00Z",
"dateReserved": "2010-10-01T00:00:00Z",
"dateUpdated": "2024-08-07T03:18:53.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4179
Vulnerability from cvelistv5
Published
2010-12-07 21:00
Modified
2024-08-07 03:34
Severity ?
EPSS score ?
Summary
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1024806 | vdb-entry, x_refsource_SECTRACK | |
| http://www.redhat.com/support/errata/RHSA-2010-0922.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.vupen.com/english/advisories/2010/3091 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/42406 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2010-0921.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=654856 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1024806",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024806"
},
{
"name": "RHSA-2010:0922",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html"
},
{
"name": "ADV-2010-3091",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3091"
},
{
"name": "42406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42406"
},
{
"name": "RHSA-2010:0921",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with the ability to publish to a broker to run jobs as arbitrary users via Condor QMF plug-ins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-07T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1024806",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024806"
},
{
"name": "RHSA-2010:0922",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0922.html"
},
{
"name": "ADV-2010-3091",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3091"
},
{
"name": "42406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42406"
},
{
"name": "RHSA-2010:0921",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0921.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654856"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4179",
"datePublished": "2010-12-07T21:00:00Z",
"dateReserved": "2010-11-04T00:00:00Z",
"dateUpdated": "2024-08-07T03:34:37.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1774
Vulnerability from cvelistv5
Published
2013-02-28 19:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:0847",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
},
{
"name": "USN-1805-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"name": "USN-1808-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1808-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"name": "SUSE-SU-2013:1474",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"name": "[oss-security] 20130227 Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/29"
},
{
"name": "RHSA-2013:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"name": "openSUSE-SU-2013:0925",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "SUSE-SU-2013:1182",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2013:0847",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
},
{
"name": "USN-1805-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"name": "USN-1808-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1808-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/1ee0a224bc9aad1de496c795f96bc6ba2c394811"
},
{
"name": "SUSE-SU-2013:1474",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
},
{
"name": "[oss-security] 20130227 Re: CVE request: Linux kernel: USB: io_ti: NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/29"
},
{
"name": "RHSA-2013:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"name": "openSUSE-SU-2013:0925",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "SUSE-SU-2013:1182",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1774",
"datePublished": "2013-02-28T19:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4470
Vulnerability from cvelistv5
Published
2016-06-27 10:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "SUSE-SU-2016:2011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"name": "USN-3054-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3054-1"
},
{
"name": "SUSE-SU-2016:2003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"name": "RHSA-2016:1657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3051-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3051-1"
},
{
"name": "RHSA-2016:2128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "RHSA-2016:2133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "SUSE-SU-2016:2001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3053-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3053-1"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "SUSE-SU-2016:1998",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
},
{
"name": "USN-3055-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3055-1"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "USN-3056-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3056-1"
},
{
"name": "USN-3052-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3052-1"
},
{
"name": "USN-3049-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "RHSA-2016:1541",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "SUSE-SU-2016:2018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "RHSA-2016:1539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "RHSA-2016:1532",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
},
{
"name": "RHSA-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
},
{
"name": "USN-3050-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:1999",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
},
{
"name": "USN-3057-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3057-1"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "RHSA-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "SUSE-SU-2016:2011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
},
{
"name": "USN-3054-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3054-1"
},
{
"name": "SUSE-SU-2016:2003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
},
{
"name": "RHSA-2016:1657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3051-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3051-1"
},
{
"name": "RHSA-2016:2128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "RHSA-2016:2133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "SUSE-SU-2016:2001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3053-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3053-1"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "SUSE-SU-2016:1998",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
},
{
"name": "USN-3055-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3055-1"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "USN-3056-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3056-1"
},
{
"name": "USN-3052-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3052-1"
},
{
"name": "USN-3049-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "RHSA-2016:1541",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "SUSE-SU-2016:2018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "RHSA-2016:1539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "RHSA-2016:1532",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
},
{
"name": "RHSA-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
},
{
"name": "USN-3050-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:1999",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:2076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
},
{
"name": "USN-3057-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3057-1"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "RHSA-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4470",
"datePublished": "2016-06-27T10:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1097
Vulnerability from cvelistv5
Published
2012-05-17 10:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "SUSE-SU-2012:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"name": "48898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799209"
},
{
"name": "RHSA-2012:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"name": "[oss-security] 20120305 CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"name": "48964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48964"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e"
},
{
"name": "SUSE-SU-2012:0616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"name": "48842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48842"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "SUSE-SU-2012:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"name": "48898",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799209"
},
{
"name": "RHSA-2012:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"name": "[oss-security] 20120305 CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"name": "48964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48964"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e"
},
{
"name": "SUSE-SU-2012:0616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"name": "48842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48842"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c8e252586f8d5de906385d8cf6385fee289a825e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1097",
"datePublished": "2012-05-17T10:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1350
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1185139 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/76075 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=linux-kernel&m=142153722930533&w=2 | mailing-list, x_refsource_MLIST | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/01/24/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
},
{
"name": "76075",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76075"
},
{
"name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
},
{
"name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
},
{
"name": "76075",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76075"
},
{
"name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
},
{
"name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
},
{
"name": "76075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76075"
},
{
"name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
},
{
"name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1350",
"datePublished": "2016-05-02T10:00:00",
"dateReserved": "2015-01-24T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8181
Vulnerability from cvelistv5
Published
2019-11-06 14:47
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1335817 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Red Hat | Enterprise Linux |
Version: 7 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335817"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Enterprise Linux",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "7"
}
]
}
],
"datePublic": "2016-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T14:47:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335817"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8181",
"datePublished": "2019-11-06T14:47:24",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1773
Vulnerability from cvelistv5
Published
2013-02-28 19:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=916115 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-0928.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2013/02/26/8 | mailing-list, x_refsource_MLIST | |
| https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd | x_refsource_CONFIRM | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/23248/ | exploit, x_refsource_EXPLOIT-DB | |
| http://rhn.redhat.com/errata/RHSA-2013-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/58200 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/88310 | vdb-entry, x_refsource_OSVDB | |
| http://rhn.redhat.com/errata/RHSA-2013-1026.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916115"
},
{
"name": "RHSA-2013:0928",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"name": "[oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"name": "23248",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/23248/"
},
{
"name": "RHSA-2013:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"name": "58200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58200"
},
{
"name": "88310",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/88310"
},
{
"name": "RHSA-2013:1026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916115"
},
{
"name": "RHSA-2013:0928",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0928.html"
},
{
"name": "[oss-security] 20130226 Re: CVE request - Linux kernel: VFAT slab-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd"
},
{
"name": "23248",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/23248/"
},
{
"name": "RHSA-2013:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2"
},
{
"name": "58200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58200"
},
{
"name": "88310",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/88310"
},
{
"name": "RHSA-2013:1026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1773",
"datePublished": "2013-02-28T19:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2734
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78775 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "cumin-redhat-csrf(78775)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "cumin-redhat-csrf(78775)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78775"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2734",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2546
Vulnerability from cvelistv5
Published
2013-03-14 20:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1796-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 | x_refsource_CONFIRM | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.ubuntu.com/usn/USN-1797-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2013/03/05/13 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-1793-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html | vendor-advisory, x_refsource_SUSE | |
| http://www.ubuntu.com/usn/USN-1794-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.ubuntu.com/usn/USN-1795-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1796-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"name": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2546",
"datePublished": "2013-03-14T20:00:00",
"dateReserved": "2013-03-08T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15128
Vulnerability from cvelistv5
Published
2018-01-14 06:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2017-15128 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525222 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df | x_refsource_MISC | |
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Linux kernel before 4.13.12 |
Version: Linux kernel before 4.13.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel before 4.13.12",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel before 4.13.12"
}
]
}
],
"datePublic": "2018-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-14T05:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15128",
"datePublished": "2018-01-14T06:00:00",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1909
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-16 17:42
Severity ?
EPSS score ?
Summary
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/53968 | third-party-advisory, x_refsource_SECUNIA | |
| http://svn.apache.org/viewvc?view=revision&revision=1460013 | x_refsource_CONFIRM | |
| https://issues.apache.org/jira/browse/QPID-4918 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1024.html | vendor-advisory, x_refsource_REDHAT | |
| http://qpid.apache.org/releases/qpid-0.22/release-notes.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54137 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53968"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/QPID-4918"
},
{
"name": "RHSA-2013:1024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html"
},
{
"name": "54137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54137"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-23T16:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53968"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/QPID-4918"
},
{
"name": "RHSA-2013:1024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html"
},
{
"name": "54137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54137"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53968"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1460013"
},
{
"name": "https://issues.apache.org/jira/browse/QPID-4918",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/QPID-4918"
},
{
"name": "RHSA-2013:1024",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1024.html"
},
{
"name": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html",
"refsource": "CONFIRM",
"url": "http://qpid.apache.org/releases/qpid-0.22/release-notes.html"
},
{
"name": "54137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54137"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1909",
"datePublished": "2013-08-23T16:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-09-16T17:42:38.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4414
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1851.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606"
},
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the \"Max allowance\" field in the \"Set limit\" form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998606"
},
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4414",
"datePublished": "2013-12-23T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2547
Vulnerability from cvelistv5
Published
2013-03-14 20:00
Modified
2024-08-06 15:44
Severity ?
EPSS score ?
Summary
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1796-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 | x_refsource_CONFIRM | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.ubuntu.com/usn/USN-1797-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2013/03/05/13 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-1793-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html | vendor-advisory, x_refsource_SUSE | |
| http://www.ubuntu.com/usn/USN-1794-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.ubuntu.com/usn/USN-1795-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1796-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1796-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1796-1"
},
{
"name": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9a5467bf7b6e9e02ec9c3da4e23747c05faeaac6"
},
{
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name": "USN-1797-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1797-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1793-1"
},
{
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1794-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1794-1"
},
{
"name": "USN-1795-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1795-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2547",
"datePublished": "2013-03-14T20:00:00",
"dateReserved": "2013-03-08T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27786
Vulnerability from cvelistv5
Published
2020-12-11 04:05
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/12/03/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1900933 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210122-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
},
{
"name": "[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.7-rc6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u2019s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-12T14:31:27",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
},
{
"name": "[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.7-rc6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel\u2019s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d"
},
{
"name": "[oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/03/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900933"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27786",
"datePublished": "2020-12-11T04:05:29",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4461
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1016263 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1851.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"
},
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the \"filtering table operator.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016263"
},
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4461",
"datePublished": "2013-12-23T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4405
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1851.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT | |
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:13.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998561"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4405",
"datePublished": "2013-12-23T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:13.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3301
Vulnerability from cvelistv5
Published
2013-04-29 10:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
},
{
"name": "USN-1834-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1834-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"name": "RHSA-2013:1051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
},
{
"name": "SUSE-SU-2013:1473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
},
{
"name": "USN-1835-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1835-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"name": "USN-1838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1838-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1836-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1836-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-05T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8"
},
{
"name": "USN-1834-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1834-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"name": "RHSA-2013:1051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1051.html"
},
{
"name": "SUSE-SU-2013:1473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
},
{
"name": "[oss-security] 20130415 CVE request - Linux kernel: tracing NULL pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/1"
},
{
"name": "USN-1835-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1835-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d"
},
{
"name": "USN-1838-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1838-1"
},
{
"name": "openSUSE-SU-2013:1971",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name": "USN-1836-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1836-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952197"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-3301",
"datePublished": "2013-04-29T10:00:00",
"dateReserved": "2013-04-28T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15127
Vulnerability from cvelistv5
Published
2018-01-14 06:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2018:1062 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525218 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2018:0676 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2017-15127 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102517 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Linux kernel before 4.13 |
Version: Linux kernel before 4.13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
{
"name": "102517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102517"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel before 4.13",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel before 4.13"
}
]
}
],
"datePublic": "2018-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-460",
"description": "CWE-460",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525218"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2017-15127"
},
{
"name": "102517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102517"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15127",
"datePublished": "2018-01-14T06:00:00",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2015
Vulnerability from cvelistv5
Published
2013-04-29 10:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca | x_refsource_CONFIRM | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3 | x_refsource_CONFIRM | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=957123 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2013/04/26/16 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=957123"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "[oss-security] 20130426 Re: CVE request: Linux kernel: ext4: hang during mount(8)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/26/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e9a9a1ad619e7e987815d20262d36a2f95717ca"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=957123"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "[oss-security] 20130426 Re: CVE request: Linux kernel: ext4: hang during mount(8)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/26/16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2015",
"datePublished": "2013-04-29T10:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27825
Vulnerability from cvelistv5
Published
2020-12-11 17:13
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1905155 | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4843 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210521-0008/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before kernel 5.10-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362-\u003eCWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-21T08:06:26",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "before kernel 5.10-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362-\u003eCWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"name": "DSA-4843",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27825",
"datePublished": "2020-12-11T17:13:31",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3459
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55632 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501 | x_refsource_MISC | |
| http://secunia.com/advisories/50666 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-25T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501"
},
{
"name": "50666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50666"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3459",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5136
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
References
| ▼ | URL | Tags |
|---|---|---|
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=540545 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2010-0773.html | vendor-advisory, x_refsource_REDHAT | |
| http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-11T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001",
"refsource": "CONFIRM",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=540545",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"name": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5136",
"datePublished": "2013-10-11T22:00:00Z",
"dateReserved": "2013-10-11T00:00:00Z",
"dateUpdated": "2024-09-17T03:23:50.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6461
Vulnerability from cvelistv5
Published
2019-11-05 14:07
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2013-6461 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2013-6461 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/12/27/2 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/64513 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90059 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Ruby | Nokogiri gem |
Version: 1.5.x Version: 1.6.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6461"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nokogiri gem",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "1.5.x"
},
{
"status": "affected",
"version": "1.6.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "while parsing XML entities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T14:07:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6461"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nokogiri gem",
"version": {
"version_data": [
{
"version_value": "1.5.x"
},
{
"version_value": "1.6.x"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "while parsing XML entities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-6461",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6461"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"
},
{
"name": "https://access.redhat.com/security/cve/cve-2013-6461",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2013-6461"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"name": "http://www.securityfocus.com/bid/64513",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/64513"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6461",
"datePublished": "2019-11-05T14:07:42",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6460
Vulnerability from cvelistv5
Published
2019-11-05 14:02
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2013-6460 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460 | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2013-6460 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/12/27/2 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/64513 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90058 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Ruby | Nokogiri gem |
Version: 1.5.x Version: 1.6.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nokogiri gem",
"vendor": "Ruby",
"versions": [
{
"status": "affected",
"version": "1.5.x"
},
{
"status": "affected",
"version": "1.6.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "while parsing XML documents",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T14:02:54",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-6460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/64513"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nokogiri gem",
"version": {
"version_data": [
{
"version_value": "1.5.x"
},
{
"version_value": "1.6.x"
}
]
}
}
]
},
"vendor_name": "Ruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "while parsing XML documents"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-6460",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-6460"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"
},
{
"name": "https://access.redhat.com/security/cve/cve-2013-6460",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2013-6460"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/12/27/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/12/27/2"
},
{
"name": "http://www.securityfocus.com/bid/64513",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/64513"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6460",
"datePublished": "2019-11-05T14:02:54",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4133
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2009-1689.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/54984 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/37766 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2009-1688.html | vendor-advisory, x_refsource_REDHAT | |
| http://securitytracker.com/id?1023378 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/37443 | vdb-entry, x_refsource_BID | |
| http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018 | x_refsource_MISC | |
| http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=544371 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/37803 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"name": "condor-jobs-security-bypass(54984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"name": "37766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37766"
},
{
"name": "RHSA-2009:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"name": "1023378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023378"
},
{
"name": "37443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"name": "37803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37803"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2009:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"name": "condor-jobs-security-bypass(54984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"name": "37766",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37766"
},
{
"name": "RHSA-2009:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"name": "1023378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023378"
},
{
"name": "37443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"name": "37803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37803"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1689",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1689.html"
},
{
"name": "condor-jobs-security-bypass(54984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54984"
},
{
"name": "37766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37766"
},
{
"name": "RHSA-2009:1688",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1688.html"
},
{
"name": "1023378",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023378"
},
{
"name": "37443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37443"
},
{
"name": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018",
"refsource": "MISC",
"url": "http://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1018"
},
{
"name": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html",
"refsource": "CONFIRM",
"url": "http://www.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2009-0001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=544371",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=544371"
},
{
"name": "37803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37803"
},
{
"name": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000",
"refsource": "CONFIRM",
"url": "http://www.cs.wisc.edu/condor/manual/v7.4/8_3Stable_Release.html#SECTION00931000000000000000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4133",
"datePublished": "2009-12-23T18:00:00",
"dateReserved": "2009-12-01T00:00:00",
"dateUpdated": "2024-08-07T06:54:09.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4345
Vulnerability from cvelistv5
Published
2013-10-10 10:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2065-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690"
},
{
"name": "USN-2110-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"name": "RHSA-2013:1490",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "RHSA-2013:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "USN-2076-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"name": "USN-2158-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2158-1"
},
{
"name": "USN-2070-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2070-1"
},
{
"name": "USN-2071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"name": "USN-2109-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"name": "RHSA-2013:1449",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"name": "62740",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62740"
},
{
"name": "USN-2074-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"name": "USN-2068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"name": "[linux-crypto] 20130917 [PATCH] ansi_cprng: Fix off by one error in non-block size request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=linux-crypto-vger\u0026m=137942122902845\u0026w=2"
},
{
"name": "USN-2072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"name": "USN-2075-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2075-1"
},
{
"name": "USN-2064-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2064-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-19T17:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2065-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007690"
},
{
"name": "USN-2110-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2110-1"
},
{
"name": "RHSA-2013:1490",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "RHSA-2013:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "USN-2076-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2076-1"
},
{
"name": "USN-2158-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2158-1"
},
{
"name": "USN-2070-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2070-1"
},
{
"name": "USN-2071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2071-1"
},
{
"name": "USN-2109-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2109-1"
},
{
"name": "RHSA-2013:1449",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
},
{
"name": "62740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62740"
},
{
"name": "USN-2074-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2074-1"
},
{
"name": "USN-2068-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2068-1"
},
{
"name": "[linux-crypto] 20130917 [PATCH] ansi_cprng: Fix off by one error in non-block size request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=linux-crypto-vger\u0026m=137942122902845\u0026w=2"
},
{
"name": "USN-2072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2072-1"
},
{
"name": "USN-2075-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2075-1"
},
{
"name": "USN-2064-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2064-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4345",
"datePublished": "2013-10-10T10:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3687
Vulnerability from cvelistv5
Published
2014-11-10 11:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"name": "SUSE-SU-2015:1489",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"name": "HPSBGN03285",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"name": "SUSE-SU-2015:0736",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "USN-2418-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"name": "SUSE-SU-2015:0652",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "RHSA-2015:0062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"name": "USN-2417-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "HPSBGN03282",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"name": "SUSE-SU-2015:0178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"name": "DSA-3060",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "SUSE-SU-2015:0481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "62428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62428"
},
{
"name": "openSUSE-SU-2015:0566",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "70766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
},
{
"name": "SUSE-SU-2015:0529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "RHSA-2015:0115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"name": "SUSE-SU-2015:1489",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"name": "HPSBGN03285",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"name": "SUSE-SU-2015:0736",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "USN-2418-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"name": "SUSE-SU-2015:0652",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "RHSA-2015:0062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"name": "USN-2417-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "HPSBGN03282",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"name": "SUSE-SU-2015:0178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"name": "DSA-3060",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "SUSE-SU-2015:0481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "62428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62428"
},
{
"name": "openSUSE-SU-2015:0566",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "70766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
},
{
"name": "SUSE-SU-2015:0529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "RHSA-2015:0115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3687",
"datePublished": "2014-11-10T11:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1090
Vulnerability from cvelistv5
Published
2012-05-17 10:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/88d7d4e4a439f32acc56a6d860e415ee71d3df08 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0531.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| http://rhn.redhat.com/errata/RHSA-2012-0481.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/48964 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.redhat.com/show_bug.cgi?id=798293 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/48842 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/02/28/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/88d7d4e4a439f32acc56a6d860e415ee71d3df08"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "SUSE-SU-2012:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"name": "RHSA-2012:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"name": "48964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48964"
},
{
"name": "SUSE-SU-2012:0616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798293"
},
{
"name": "48842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48842"
},
{
"name": "[oss-security] 20120228 Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/28/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/88d7d4e4a439f32acc56a6d860e415ee71d3df08"
},
{
"name": "RHSA-2012:0531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
},
{
"name": "SUSE-SU-2012:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html"
},
{
"name": "RHSA-2012:0481",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0481.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10"
},
{
"name": "48964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48964"
},
{
"name": "SUSE-SU-2012:0616",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=798293"
},
{
"name": "48842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48842"
},
{
"name": "[oss-security] 20120228 Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/02/28/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1090",
"datePublished": "2012-05-17T10:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2681
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78771 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "cumin-redhat-weak-security(78771)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "cumin-redhat-weak-security(78771)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2681",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12826
Vulnerability from cvelistv5
Published
2020-05-12 18:58
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 | x_refsource_MISC | |
| https://www.openwall.com/lists/kernel-hardening/2020/03/25/1 | x_refsource_MISC | |
| https://lists.openwall.net/linux-kernel/2020/03/24/1803 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1822077 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4367-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4369-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4391-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"name": "USN-4367-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4391-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T21:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"name": "USN-4367-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4391-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"name": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"name": "https://lists.openwall.net/linux-kernel/2020/03/24/1803",
"refsource": "MISC",
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"name": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"name": "USN-4367-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"name": "USN-4369-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "USN-4391-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4391-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12826",
"datePublished": "2020-05-12T18:58:48",
"dateReserved": "2020-05-12T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5006
Vulnerability from cvelistv5
Published
2010-10-18 16:00
Modified
2024-08-07 07:24
Severity ?
EPSS score ?
Summary
The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
References
| ▼ | URL | Tags |
|---|---|---|
| https://rhn.redhat.com/errata/RHSA-2010-0774.html | vendor-advisory, x_refsource_REDHAT | |
| http://svn.apache.org/viewvc?revision=811188&view=revision | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/2684 | vdb-entry, x_refsource_VUPEN | |
| https://issues.apache.org/jira/browse/QPID-2080 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=642377 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41812 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/41710 | third-party-advisory, x_refsource_SECUNIA | |
| https://rhn.redhat.com/errata/RHSA-2010-0773.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision"
},
{
"name": "ADV-2010-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/QPID-2080"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377"
},
{
"name": "41812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41812"
},
{
"name": "41710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-18T16:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?revision=811188\u0026view=revision"
},
{
"name": "ADV-2010-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/QPID-2080"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642377"
},
{
"name": "41812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41812"
},
{
"name": "41710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5006",
"datePublished": "2010-10-18T16:00:00Z",
"dateReserved": "2010-10-12T00:00:00Z",
"dateUpdated": "2024-08-07T07:24:53.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5005
Vulnerability from cvelistv5
Published
2010-10-18 16:00
Modified
2024-08-07 07:24
Severity ?
EPSS score ?
Summary
The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://rhn.redhat.com/errata/RHSA-2010-0774.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=642373 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/2684 | vdb-entry, x_refsource_VUPEN | |
| http://svn.apache.org/viewvc?revision=785788&view=revision | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41812 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/41710 | third-party-advisory, x_refsource_SECUNIA | |
| https://rhn.redhat.com/errata/RHSA-2010-0773.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642373"
},
{
"name": "ADV-2010-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?revision=785788\u0026view=revision"
},
{
"name": "41812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41812"
},
{
"name": "41710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-18T16:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0774",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0774.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=642373"
},
{
"name": "ADV-2010-2684",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?revision=785788\u0026view=revision"
},
{
"name": "41812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41812"
},
{
"name": "41710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0773.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-5005",
"datePublished": "2010-10-18T16:00:00Z",
"dateReserved": "2010-10-12T00:00:00Z",
"dateUpdated": "2024-08-07T07:24:53.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7553
Vulnerability from cvelistv5
Published
2017-09-14 16:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1288934 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-14T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7553",
"datePublished": "2017-09-14T16:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4404
Vulnerability from cvelistv5
Published
2013-12-23 22:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1851.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1852.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038"
},
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-07T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=995038"
},
{
"name": "RHSA-2013:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1851.html"
},
{
"name": "RHSA-2013:1852",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1852.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4404",
"datePublished": "2013-12-23T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4284
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029122 | vdb-entry, x_refsource_SECTRACK | |
| http://rhn.redhat.com/errata/RHSA-2013-1295.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1294.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029122"
},
{
"name": "RHSA-2013:1295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1295.html"
},
{
"name": "RHSA-2013:1294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1294.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-09T14:44:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1029122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029122"
},
{
"name": "RHSA-2013:1295",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1295.html"
},
{
"name": "RHSA-2013:1294",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1294.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4284",
"datePublished": "2013-10-09T14:44:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-08-06T16:38:01.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2684
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245 | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245"
},
{
"name": "FEDORA-2012-17863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
},
{
"name": "FEDORA-2012-17854",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T20:12:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=830245"
},
{
"name": "FEDORA-2012-17863",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092562.html"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
},
{
"name": "FEDORA-2012-17854",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092543.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2684",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0174
Vulnerability from cvelistv5
Published
2014-07-11 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0858.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2014-0859.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"name": "RHSA-2014:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-11T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0858.html"
},
{
"name": "RHSA-2014:0859",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0859.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0174",
"datePublished": "2014-07-11T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3083
Vulnerability from cvelistv5
Published
2010-10-12 20:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2010-0756.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2010/10/08/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=632657 | x_refsource_CONFIRM | |
| http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291&r2=790290&pathrev=790291&view=patch | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41710 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.redhat.com/support/errata/RHSA-2010-0757.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"name": "[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/08/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch"
},
{
"name": "41710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-20T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0756.html"
},
{
"name": "[oss-security] 20101007 qpidd SSL connection DoS (CVE-2010-3083)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/10/08/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=632657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?r1=790291\u0026r2=790290\u0026pathrev=790291\u0026view=patch"
},
{
"name": "41710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41710"
},
{
"name": "RHSA-2010:0757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0757.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3083",
"datePublished": "2010-10-12T20:00:00",
"dateReserved": "2010-08-20T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1892
Vulnerability from cvelistv5
Published
2013-10-01 20:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1170.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.exploit-db.com/exploits/24947 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.openwall.com/lists/oss-security/2013/03/25/9 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html | vendor-advisory, x_refsource_FEDORA | |
| http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/24935 | exploit, x_refsource_EXPLOIT-DB | |
| https://jira.mongodb.org/browse/SERVER-9124 | x_refsource_CONFIRM | |
| http://www.mongodb.org/about/alerts/ | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html"
},
{
"name": "24947",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24947"
},
{
"name": "[oss-security] 20130325 Re: CVE Request: Mongo DB",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/9"
},
{
"name": "FEDORA-2013-4539",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/"
},
{
"name": "24935",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24935"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/SERVER-9124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mongodb.org/about/alerts/"
},
{
"name": "FEDORA-2013-4531",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-01T17:26:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1170.html"
},
{
"name": "24947",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24947"
},
{
"name": "[oss-security] 20130325 Re: CVE Request: Mongo DB",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/9"
},
{
"name": "FEDORA-2013-4539",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/"
},
{
"name": "24935",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24935"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.mongodb.org/browse/SERVER-9124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mongodb.org/about/alerts/"
},
{
"name": "FEDORA-2013-4531",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1892",
"datePublished": "2013-10-01T20:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7482
Vulnerability from cvelistv5
Published
2018-07-30 14:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99299 | vdb-entry, x_refsource_BID | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038787 | vdb-entry, x_refsource_SECTRACK | |
| https://www.debian.org/security/2017/dsa-3927 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.debian.org/security/2017/dsa-3945 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2017/q2/602 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:0641 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99299",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99299"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
},
{
"name": "1038787",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038787"
},
{
"name": "DSA-3927",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3927"
},
{
"name": "DSA-3945",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
},
{
"name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q2/602"
},
{
"name": "RHSA-2019:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel:",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "4.12"
}
]
}
],
"datePublic": "2017-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T10:06:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "99299",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99299"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
},
{
"name": "1038787",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038787"
},
{
"name": "DSA-3927",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3927"
},
{
"name": "DSA-3945",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
},
{
"name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q2/602"
},
{
"name": "RHSA-2019:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value": "4.12"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99299"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
},
{
"name": "1038787",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038787"
},
{
"name": "DSA-3927",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3927"
},
{
"name": "DSA-3945",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3945"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
},
{
"name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q2/602"
},
{
"name": "RHSA-2019:0641",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7482",
"datePublished": "2018-07-30T14:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3699
Vulnerability from cvelistv5
Published
2016-10-07 14:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1329653 | x_refsource_CONFIRM | |
| https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2016/09/22/4 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2016-2584.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2574.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/93114 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76"
},
{
"name": "[oss-security] 20160922 kernel: ACPI table override is allowed when securelevel is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/4"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "93114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76"
},
{
"name": "[oss-security] 20160922 kernel: ACPI table override is allowed when securelevel is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/4"
},
{
"name": "RHSA-2016:2584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "93114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93114"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3699",
"datePublished": "2016-10-07T14:00:00",
"dateReserved": "2016-03-30T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4930
Vulnerability from cvelistv5
Published
2014-02-10 17:00
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=759548 | x_refsource_CONFIRM | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0099.html | vendor-advisory, x_refsource_REDHAT | |
| https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867 | x_refsource_MISC | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660 | x_refsource_CONFIRM | |
| https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2012-0100.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:23:38.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"name": "RHSA-2012:0099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"name": "RHSA-2012:0100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-10T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=759548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28429"
},
{
"name": "RHSA-2012:0099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0099.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=5e5571d1a431eb3c61977b6dd6ec90186ef79867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=2660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=28264"
},
{
"name": "RHSA-2012:0100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0100.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4930",
"datePublished": "2014-02-10T17:00:00",
"dateReserved": "2011-12-23T00:00:00",
"dateUpdated": "2024-08-07T00:23:38.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3673
Vulnerability from cvelistv5
Published
2014-11-10 11:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70883",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70883"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"name": "HPSBGN03285",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"name": "USN-2418-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"name": "SUSE-SU-2015:0652",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "RHSA-2015:0062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"name": "USN-2417-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "HPSBGN03282",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"name": "DSA-3060",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"name": "SUSE-SU-2015:0481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "62428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62428"
},
{
"name": "openSUSE-SU-2015:0566",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147850"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"name": "SUSE-SU-2015:0529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "RHSA-2015:0115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "70883",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70883"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"name": "HPSBGN03285",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722450701342\u0026w=2"
},
{
"name": "USN-2418-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"name": "SUSE-SU-2015:0652",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "RHSA-2015:0062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"name": "USN-2417-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "HPSBGN03282",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142722544401658\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"name": "DSA-3060",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"name": "SUSE-SU-2015:0481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "62428",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62428"
},
{
"name": "openSUSE-SU-2015:0566",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147850"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74"
},
{
"name": "SUSE-SU-2015:0529",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "RHSA-2015:0115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"name": "SUSE-SU-2015:0812",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3673",
"datePublished": "2014-11-10T11:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2680
Vulnerability from cvelistv5
Published
2012-09-28 17:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55618 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2012-1278.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78770 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2012-1281.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/50660 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "cumin-redhat-sec-bypass(78770)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"
},
{
"name": "55618",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "cumin-redhat-sec-bypass(78770)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"
},
{
"name": "RHSA-2012:1281",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50660"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2680",
"datePublished": "2012-09-28T17:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2922
Vulnerability from cvelistv5
Published
2015-05-27 10:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-6100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
},
{
"name": "FEDORA-2015-6294",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "DSA-3237",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"name": "openSUSE-SU-2015:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"name": "FEDORA-2015-6320",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
},
{
"name": "1032417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
},
{
"name": "SUSE-SU-2015:1478",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
},
{
"name": "RHSA-2015:1534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"name": "RHSA-2015:1564",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"name": "SUSE-SU-2015:1224",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"name": "74315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74315"
},
{
"name": "RHSA-2015:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-6100",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
},
{
"name": "FEDORA-2015-6294",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "DSA-3237",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"name": "openSUSE-SU-2015:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"name": "FEDORA-2015-6320",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
},
{
"name": "1032417",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
},
{
"name": "SUSE-SU-2015:1478",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
},
{
"name": "RHSA-2015:1534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"name": "RHSA-2015:1564",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"name": "SUSE-SU-2015:1224",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"name": "74315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74315"
},
{
"name": "RHSA-2015:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-6100",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
},
{
"name": "FEDORA-2015-6294",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "DSA-3237",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"name": "openSUSE-SU-2015:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"name": "FEDORA-2015-6320",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
},
{
"name": "1032417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032417"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
},
{
"name": "SUSE-SU-2015:1478",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
},
{
"name": "RHSA-2015:1534",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"name": "RHSA-2015:1564",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"name": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"name": "SUSE-SU-2015:1224",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"name": "74315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74315"
},
{
"name": "RHSA-2015:1221",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fd99094de2b83d1d4c8457f2c83483b2828e75a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2922",
"datePublished": "2015-05-27T10:00:00",
"dateReserved": "2015-04-04T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6445
Vulnerability from cvelistv5
Published
2014-04-30 14:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030158 | vdb-entry, x_refsource_SECTRACK | |
| http://rhn.redhat.com/errata/RHSA-2014-0441.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2014-0440.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030158",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030158"
},
{
"name": "RHSA-2014:0441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0441.html"
},
{
"name": "RHSA-2014:0440",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-30T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1030158",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030158"
},
{
"name": "RHSA-2014:0441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0441.html"
},
{
"name": "RHSA-2014:0440",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6445",
"datePublished": "2014-04-30T14:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3460
Vulnerability from cvelistv5
Published
2019-11-21 14:03
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
cumin: At installation postgresql database user created without password
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2012-3460 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cumin",
"vendor": "cumin",
"versions": [
{
"status": "affected",
"version": "through 2012-08-08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cumin: At installation postgresql database user created without password"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "postgresql database user created without password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T14:03:17",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-3460"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3460",
"datePublished": "2019-11-21T14:03:17",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2699
Vulnerability from cvelistv5
Published
2012-05-24 23:00
Modified
2024-08-06 23:08
Severity ?
EPSS score ?
Summary
The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027274 | vdb-entry, x_refsource_SECTRACK | |
| https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2011/07/20/5 | mailing-list, x_refsource_MLIST | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c | x_refsource_CONFIRM | |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=723429 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:08:23.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"name": "[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1027274",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"name": "[oss-security] 20110720 Re: CVE request: kernel: ipv6: make fragment identifications less predictable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=87c48fa3b4630905f98268dde838ee43626a060c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=723429"
},
{
"name": "MDVSA-2013:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2699",
"datePublished": "2012-05-24T23:00:00",
"dateReserved": "2011-07-11T00:00:00",
"dateUpdated": "2024-08-06T23:08:23.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16884
Vulnerability from cvelistv5
Published
2018-12-18 22:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106253"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-3981-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3981-1/"
},
{
"name": "USN-3980-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3980-1/"
},
{
"name": "USN-3980-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3980-2/"
},
{
"name": "USN-3981-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"name": "RHSA-2019:1873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"name": "RHSA-2019:1891",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
},
{
"name": "RHSA-2019:2696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2696"
},
{
"name": "RHSA-2019:2730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2730"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/10733769/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.kernel.org/cover/10733767/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K21430012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel:",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "106253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106253"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "USN-3932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-1/"
},
{
"name": "USN-3932-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3932-2/"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "USN-3981-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3981-1/"
},
{
"name": "USN-3980-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3980-1/"
},
{
"name": "USN-3980-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3980-2/"
},
{
"name": "USN-3981-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3981-2/"
},
{
"name": "RHSA-2019:1873",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1873"
},
{
"name": "RHSA-2019:1891",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1891"
},
{
"name": "RHSA-2019:2696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2696"
},
{
"name": "RHSA-2019:2730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2730"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.kernel.org/patch/10733769/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.kernel.org/cover/10733767/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K21430012"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16884",
"datePublished": "2018-12-18T22:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6685
Vulnerability from cvelistv5
Published
2020-02-19 14:41
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
Nokogiri before 1.5.4 is vulnerable to XXE attacks
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/sparklemotion/nokogiri/issues/693 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1178970 | x_refsource_MISC | |
| https://nokogiri.org/CHANGELOG.html#154-2012-06-12 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sparklemotion/nokogiri/issues/693"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T14:41:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sparklemotion/nokogiri/issues/693"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nokogiri before 1.5.4 is vulnerable to XXE attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sparklemotion/nokogiri/issues/693",
"refsource": "CONFIRM",
"url": "https://github.com/sparklemotion/nokogiri/issues/693"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970"
},
{
"name": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12",
"refsource": "CONFIRM",
"url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6685",
"datePublished": "2020-02-19T14:41:27",
"dateReserved": "2015-01-05T00:00:00",
"dateUpdated": "2024-08-06T21:36:01.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3459
Vulnerability from cvelistv5
Published
2019-04-11 15:53
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "before 5.1-rc1"
},
{
"status": "affected",
"version": "fixed in 5.1-rc1"
}
]
}
],
"datePublic": "2019-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:11",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2019-3459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "before 5.1-rc1"
},
{
"version_value": "fixed in 5.1-rc1"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20190111 Linux kernel: Bluetooth: two remote infoleaks (CVE-2019-3459, CVE-2019-3460)",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=154721580222522\u0026w=2"
},
{
"name": "[linux-bluetooth] 20190110 [PATCH 1/2] Bluetooth: check message types in l2cap_get_conf_opt",
"refsource": "MLIST",
"url": "https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/"
},
{
"name": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663176"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1120758",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1120758"
},
{
"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/2"
},
{
"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "RHSA-2019:2043",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2043"
},
{
"name": "RHSA-2019:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2029"
},
{
"name": "[oss-security] 20190811 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/12/1"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0740",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2019-3459",
"datePublished": "2019-04-11T15:53:35",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2189
Vulnerability from cvelistv5
Published
2011-10-10 10:00
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- vsftpd -- Do not create network namespace per connection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/20"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- vsftpd -- Do not create network namespace per connection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33"
},
{
"name": "DSA-2305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2305"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://patchwork.ozlabs.org/patch/88217/"
},
{
"name": "[git-commits-head] 20091208 net: Automatically allocate per namespace data.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373"
},
{
"name": "USN-1288-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1288-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-18T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://neil.brown.name/git?p=linux-2.6%3Ba=patch%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- vsftpd -- Do not create network namespace per connection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/20"
},
{
"name": "[oss-security] 20110606 Re: CVE Request -- vsftpd -- Do not create network namespace per connection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ie.archive.ubuntu.com/linux/kernel/v2.6/ChangeLog-2.6.33"
},
{
"name": "DSA-2305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2305"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://patchwork.ozlabs.org/patch/88217/"
},
{
"name": "[git-commits-head] 20091208 net: Automatically allocate per namespace data.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15289"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629373"
},
{
"name": "USN-1288-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1288-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2b035b39970740722598f7a9d548835f9bdd730f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f875bae065334907796da12523f9df85c89f5712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711134"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2189",
"datePublished": "2011-10-10T10:00:00",
"dateReserved": "2011-05-31T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1749
Vulnerability from cvelistv5
Published
2020-09-09 14:35
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201222-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Linux Kernel | kernel |
Version: 5.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux Kernel",
"versions": [
{
"status": "affected",
"version": "5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-22T07:06:22",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "5.5"
}
]
}
}
]
},
"vendor_name": "Linux Kernel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel\u0027s implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn\u0027t correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201222-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201222-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1749",
"datePublished": "2020-09-09T14:35:17",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4462
Vulnerability from cvelistv5
Published
2013-03-12 15:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option.
References
| ▼ | URL | Tags |
|---|---|---|
| https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2013-0564.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-0565.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=860850 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
},
{
"name": "RHSA-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"name": "RHSA-2013:0565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T15:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84"
},
{
"name": "RHSA-2013:0564",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0564.html"
},
{
"name": "RHSA-2013:0565",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0565.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860850"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4462",
"datePublished": "2013-03-12T15:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-08-06T20:35:09.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11478
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:45
Severity ?
EPSS score ?
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Linux | Linux kernel |
Version: 4.4 < 4.4.182 Version: 4.9 < 4.9.182 Version: 4.14 < 4.14.127 Version: 4.19 < 4.19.52 Version: 5.1 < 5.1.11 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "RHSA-2019:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K26618426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "Linux",
"versions": [
{
"lessThan": "4.4.182",
"status": "affected",
"version": "4.4",
"versionType": "custom"
},
{
"lessThan": "4.9.182",
"status": "affected",
"version": "4.9",
"versionType": "custom"
},
{
"lessThan": "4.14.127",
"status": "affected",
"version": "4.14",
"versionType": "custom"
},
{
"lessThan": "4.19.52",
"status": "affected",
"version": "4.19",
"versionType": "custom"
},
{
"lessThan": "5.1.11",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Looney from Netflix"
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:56",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "VU#905115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "RHSA-2019:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K26618426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4017-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638"
],
"discovery": "UNKNOWN"
},
"title": "SACK can cause extensive memory use via fragmented resend queue",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-06-17T00:00:00.000Z",
"ID": "CVE-2019-11478",
"STATE": "PUBLIC",
"TITLE": "SACK can cause extensive memory use via fragmented resend queue"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.4",
"version_value": "4.4.182"
},
{
"version_affected": "\u003c",
"version_name": "4.9",
"version_value": "4.9.182"
},
{
"version_affected": "\u003c",
"version_name": "4.14",
"version_value": "4.14.127"
},
{
"version_affected": "\u003c",
"version_name": "4.19",
"version_value": "4.19.52"
},
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.11"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Looney from Netflix"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#905115",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/905115"
},
{
"name": "RHSA-2019:1594",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1594"
},
{
"name": "RHSA-2019:1602",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1602"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "RHSA-2019:1699",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1699"
},
{
"name": "20190722 [SECURITY] [DSA 4484-1] linux security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/30"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic",
"refsource": "MISC",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/tcpsack",
"refsource": "MISC",
"url": "https://access.redhat.com/security/vulnerabilities/tcpsack"
},
{
"name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_28",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_28"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0001/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"
},
{
"name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"
},
{
"name": "https://support.f5.com/csp/article/K26618426",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K26618426"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"
},
{
"name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/4017-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11478",
"datePublished": "2019-06-18T23:34:51.077803Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T23:45:54.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3940
Vulnerability from cvelistv5
Published
2014-06-05 17:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1104097 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59011 | third-party-advisory, x_refsource_SECUNIA | |
| https://lkml.org/lkml/2014/3/18/784 | mailing-list, x_refsource_MLIST | |
| https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-0290.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2014/06/02/5 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/67786 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/61310 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2015-1272.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:18.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097"
},
{
"name": "59011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59011"
},
{
"name": "[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lkml.org/lkml/2014/3/18/784"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
},
{
"name": "RHSA-2015:0290",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
},
{
"name": "[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/02/5"
},
{
"name": "67786",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67786"
},
{
"name": "61310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61310"
},
{
"name": "RHSA-2015:1272",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097"
},
{
"name": "59011",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59011"
},
{
"name": "[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lkml.org/lkml/2014/3/18/784"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
},
{
"name": "RHSA-2015:0290",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
},
{
"name": "[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/02/5"
},
{
"name": "67786",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67786"
},
{
"name": "61310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61310"
},
{
"name": "RHSA-2015:1272",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104097"
},
{
"name": "59011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59011"
},
{
"name": "[linux-kernel] 20140318 [PATCH RESEND -mm 1/2] mm: add !pte_present() check on existing hugetlb_entry callbacks",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2014/3/18/784"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
},
{
"name": "RHSA-2015:0290",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
},
{
"name": "[oss-security] 20140602 CVE-2014-3940 - Linux kernel - missing check during hugepage migration",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/02/5"
},
{
"name": "67786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67786"
},
{
"name": "61310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61310"
},
{
"name": "RHSA-2015:1272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3940",
"datePublished": "2014-06-05T17:00:00",
"dateReserved": "2014-06-02T00:00:00",
"dateUpdated": "2024-08-06T10:57:18.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}