All the vulnerabilites related to openslp - openslp
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75052621-7AD2-4EDC-A4E8-952D156B7EA5",
"versionEndIncluding": "1.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file."
},
{
"lang": "es",
"value": "Vulnerabilidad de enlaces simb\u00f3licos en el script slpd slpd.all_init de OpenSLP anteriores a 1.0.11 permite a usuarios locales sobreescribir ficheros arbitrarios mediante el fichero temporal route.check."
}
],
"id": "CVE-2003-0875",
"lastModified": "2024-11-20T23:45:43.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000723"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106123103606336\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106123103606336\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-06 16:15
Modified
2024-11-21 04:45
Severity ?
Summary
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
References
Impacted products
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:horizon_daas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "681E7242-8D99-434C-9D82-ADE431825FB5",
"versionEndExcluding": "9.0.0.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3E8861F4-D390-4738-BBF0-9EE4684E9667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*",
"matchCriteriaId": "52403C80-3022-4E5B-B16A-24B116D1E6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*",
"matchCriteriaId": "FBECED2E-05FD-492E-8B57-9BB8ADA82444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*",
"matchCriteriaId": "3C3FBBA4-01FA-45B5-AEDF-FFFE941163FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*",
"matchCriteriaId": "A63E3C72-3145-4661-BBCD-8A67EC0CDDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*",
"matchCriteriaId": "9159F6E1-6A36-4D3C-85B1-2205B90CD244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*",
"matchCriteriaId": "C2C08C24-FBAC-49B8-AABF-4FF8BADA3412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*",
"matchCriteriaId": "2B9D5E67-78C9-495E-91F0-AF94871E5FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*",
"matchCriteriaId": "6D35CDFE-F0E7-43F7-A307-E3BDDE5AEAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*",
"matchCriteriaId": "ADC13026-3B5A-4BF0-BDEC-B77338E427E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*",
"matchCriteriaId": "6CBA70BA-FFCD-4D2D-AD26-95CC62748937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*",
"matchCriteriaId": "4C92DD8B-8AB8-40D4-8E86-12FEB055D37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*",
"matchCriteriaId": "C58D77F5-CDB2-47DA-A879-BABEBE2E1E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*",
"matchCriteriaId": "D0C324FB-3989-4A4A-BF5B-C40CA698DDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*",
"matchCriteriaId": "0E7AC58E-D1F8-4FDF-9A28-61CF6158330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*",
"matchCriteriaId": "489EE0F6-5510-470E-8711-DC08B4AFB4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*",
"matchCriteriaId": "6719ED6F-CBC3-4B1E-9343-23DC3BA15FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*",
"matchCriteriaId": "DDAA48A9-9319-4104-B151-D529E5EBF0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*",
"matchCriteriaId": "D16CD918-5075-4975-8B1E-21D8AD35A28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*",
"matchCriteriaId": "7A38CD8E-494D-4E0E-A300-8550FC81FAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*",
"matchCriteriaId": "1F40ABE8-8DED-4633-A34C-00DF5D510E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*",
"matchCriteriaId": "1736B975-089B-413C-8CA0-5524B957EF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*",
"matchCriteriaId": "0E4DCBF6-7189-497A-B923-08574443172C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*",
"matchCriteriaId": "16FBA646-0B5E-44A7-BB12-29D5C611AEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*",
"matchCriteriaId": "29F57497-7B48-4D0C-B8F5-8D33062BECEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*",
"matchCriteriaId": "ADDE96C7-C489-4D14-990B-8524627A23D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*",
"matchCriteriaId": "AD82C093-FD98-45DE-9EE6-A05E81A1FEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*",
"matchCriteriaId": "08789F9E-CDC7-4F89-B925-92C9E3AE5234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*",
"matchCriteriaId": "26ABB84C-B4BF-424E-8F4C-D2B6BE0AC79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*",
"matchCriteriaId": "621C203B-4B66-49CC-A35D-D7703109BF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*",
"matchCriteriaId": "3261BDEF-D89C-41D9-A360-EC36EAB17490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*",
"matchCriteriaId": "5170A4F6-02B7-4225-B944-73DB5A4D332C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*",
"matchCriteriaId": "62A97DBA-A56B-4F0B-B9C4-44B5166681AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*",
"matchCriteriaId": "806C8BE6-A2BE-45BE-BEF2-396BEB16FCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*",
"matchCriteriaId": "DBA6211E-134A-484E-8444-FBB5070B395D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*",
"matchCriteriaId": "3E7B05B3-4076-4A44-B9A6-A44419F175C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*",
"matchCriteriaId": "1A1636B4-6E79-42D7-AA62-5EE43412B43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*",
"matchCriteriaId": "0F0377D0-BBED-41BF-80C5-58414ED413EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*",
"matchCriteriaId": "6495283C-D18A-4DDA-852E-46F2273D6DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*",
"matchCriteriaId": "09DEFEE5-5E9E-4F3A-A245-3E8E2B291339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*",
"matchCriteriaId": "4B5A97A3-65DB-4697-9CF1-B4F5E4E4132F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*",
"matchCriteriaId": "17A84E0A-1429-467F-9EE1-FCA062392DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*",
"matchCriteriaId": "C591163D-64BC-403B-A460-5B2258EC2F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*",
"matchCriteriaId": "ED932B89-D34D-4398-8F79-AF98987CAFD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*",
"matchCriteriaId": "ABD365A0-0B09-4EC2-9973-691144C99507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*",
"matchCriteriaId": "FBE64DC7-A9D1-416F-89BF-D9F8DD8174AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*",
"matchCriteriaId": "0E198AE4-A6A3-4875-A7DA-44BE9E1B280F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*",
"matchCriteriaId": "2FDD5BA0-8180-484D-8308-B0862B6E9DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*",
"matchCriteriaId": "96A6EB9A-A908-42D1-A6BC-E38E861BBECE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*",
"matchCriteriaId": "651EDCAA-D785-464D-AE41-425A69F6FFB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*",
"matchCriteriaId": "1B3C704C-9D60-4F72-B482-07F209985E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*",
"matchCriteriaId": "C1CFE956-4391-4B71-BD0B-96A008A624B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*",
"matchCriteriaId": "409778CD-9AB3-4793-A5F5-8D8657F81442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*",
"matchCriteriaId": "F7EA75DB-B6BE-4E75-89B6-C69E96CBD7BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*",
"matchCriteriaId": "0DC45A8B-6DE0-465F-9644-B75A09394F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*",
"matchCriteriaId": "7A265671-BCB0-401A-A1E8-500F9D41492E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*",
"matchCriteriaId": "83168067-1E43-4186-9B15-3FC702C6583C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*",
"matchCriteriaId": "8C122DB4-8410-4C4E-87BE-EB3175CE182B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*",
"matchCriteriaId": "C76ED78D-0778-4269-938E-BB7586C1E44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*",
"matchCriteriaId": "7A1F78C5-E995-4E37-83C5-5B6A1D39E549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*",
"matchCriteriaId": "7A2E842D-AF37-4641-AD05-B91F250E7487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*",
"matchCriteriaId": "A07EAC87-32FD-4553-B71D-181F2C66AE68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*",
"matchCriteriaId": "AD6F0D62-4C51-46D6-A6C4-E479BE6B2C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*",
"matchCriteriaId": "865D3042-68ED-44B9-A036-9433F7463D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*",
"matchCriteriaId": "FC4FEF78-D2DA-4CCE-BB81-7E2090ED545C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*",
"matchCriteriaId": "11AE3F61-9655-4B20-96E1-92112BE2BEDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*",
"matchCriteriaId": "ECE35166-3019-450B-9C69-484E4EDE5A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*",
"matchCriteriaId": "D892B066-381B-4F46-8363-7BA1647BBCD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*",
"matchCriteriaId": "710DB381-5504-4493-8D0A-17AB8E5A903B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*",
"matchCriteriaId": "42AAA3B7-B74D-4B67-8BD3-1D9B5ED1E037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*",
"matchCriteriaId": "33CBCA55-010E-4E84-B2F8-F9B53D5A3340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*",
"matchCriteriaId": "95A73B4B-F9B3-4D66-9668-902902C73CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*",
"matchCriteriaId": "8D14D51D-E2EA-4826-8C6E-AF1C15F12384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*",
"matchCriteriaId": "BED100A1-9D59-48BE-91D4-0C8F2D678E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*",
"matchCriteriaId": "660B51F2-DFE0-49F6-AD2A-6E94B20F4019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*",
"matchCriteriaId": "8BF80536-348A-468E-AC1C-DA53632FCC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*",
"matchCriteriaId": "CFABF302-AC32-4507-BDD9-314854DE55BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*",
"matchCriteriaId": "9EDE020F-4FB1-4F1D-B434-6745045702D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*",
"matchCriteriaId": "AA1538B9-E860-46CE-A4CA-1393ECA20D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*",
"matchCriteriaId": "386A6805-6167-47BA-A02F-073DC7E0FE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*",
"matchCriteriaId": "03BA15D8-F7A2-428C-8104-BCEBDE7C1EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*",
"matchCriteriaId": "1CFCFE7B-37E5-4C64-9B43-4F693F227231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*",
"matchCriteriaId": "02CFAE22-37DB-4787-96FB-9E0F8EF671E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*",
"matchCriteriaId": "0BC70488-A435-43BE-AEF4-30CBA36CBC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*",
"matchCriteriaId": "2B37DC7D-A1C6-468F-A42E-160CE226FF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*",
"matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*",
"matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*",
"matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*",
"matchCriteriaId": "F948E806-0F73-4145-A723-7A43BA45842B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*",
"matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*",
"matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*",
"matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*",
"matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*",
"matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*",
"matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*",
"matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*",
"matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*",
"matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*",
"matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*",
"matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*",
"matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*",
"matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*",
"matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*",
"matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*",
"matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*",
"matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*",
"matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*",
"matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*",
"matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*",
"matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*",
"matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*",
"matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*",
"matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*",
"matchCriteriaId": "2D6A3952-8429-4762-8701-47D7C1F05A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*",
"matchCriteriaId": "5B007609-C312-469B-BACF-04D6D80DADF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*",
"matchCriteriaId": "514F2ECD-FC55-42A5-BEE4-DA7641CC93A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*",
"matchCriteriaId": "3594E391-19CD-4803-8285-FA11BE63AB05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*",
"matchCriteriaId": "2CEC248D-502E-4A8D-8786-CD72A2E3AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*",
"matchCriteriaId": "4F08529C-B14C-45FB-AEA1-77D12C88CB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*",
"matchCriteriaId": "617835F5-49DA-4B42-8C7B-C122D7363A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*",
"matchCriteriaId": "E7DF3ED7-FA3F-4EBC-99AC-B7AD20E85927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*",
"matchCriteriaId": "9ED86C29-2EA6-41DD-ACCB-1E02F9CB747E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*",
"matchCriteriaId": "DE1372AD-2853-4BED-BB71-6BACB28B95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*",
"matchCriteriaId": "F0E684DF-9E45-459E-AB75-6B4653E5C7CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*",
"matchCriteriaId": "B3DDD3E9-186F-472C-BA76-C2A363206792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*",
"matchCriteriaId": "A09E9914-DB27-41EF-B55D-5B79ECD1DA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201908001:*:*:*:*:*:*",
"matchCriteriaId": "7F916A39-13BD-44A7-A9EC-1FD40EBE357C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201910001:*:*:*:*:*:*",
"matchCriteriaId": "4F8219B4-1FC2-4383-83E6-92DF700C72D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-20191004001:*:*:*:*:*:*",
"matchCriteriaId": "C44C9D6A-8BBE-4970-A732-B9F86D42A55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911001:*:*:*:*:*:*",
"matchCriteriaId": "427F4ED8-8782-4BDF-A559-11CB8E0A65F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911401:*:*:*:*:*:*",
"matchCriteriaId": "63DDC95E-BBCD-4A68-9AFB-B5F9D206818E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201911402:*:*:*:*:*:*",
"matchCriteriaId": "B27E3424-5D4E-4E5D-8762-7AECBB11FE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*",
"matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*",
"matchCriteriaId": "0CE9D758-2170-4ACD-965C-C76BDA693466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*",
"matchCriteriaId": "FD4A373B-2AC6-4193-9C34-1E4EEB552A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*",
"matchCriteriaId": "E75F4E15-2C5F-4667-B8A4-0EE9895FAEC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*",
"matchCriteriaId": "8B75B45F-E25A-4362-856D-465A9F8B70DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*",
"matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*",
"matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*",
"matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*",
"matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*",
"matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*",
"matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*",
"matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*",
"matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*",
"matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*",
"matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*",
"matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*",
"matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*",
"matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*",
"matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*",
"matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*",
"matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*",
"matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*",
"matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*",
"matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*",
"matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*",
"matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*",
"matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*",
"matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*",
"matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*",
"matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*",
"matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*",
"matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*",
"matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*",
"matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*",
"matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*",
"matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*",
"matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*",
"matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*",
"matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*",
"matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*",
"matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*",
"matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*",
"matchCriteriaId": "ABE65721-57C0-4748-B159-F6D97CE8CAB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901001:*:*:*:*:*:*",
"matchCriteriaId": "CD1889D7-3313-4004-AA42-7879E8551413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*",
"matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*",
"matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*",
"matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201903001:*:*:*:*:*:*",
"matchCriteriaId": "F853B5B8-E8F8-4EA2-90EB-0603F4AADAD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904001:*:*:*:*:*:*",
"matchCriteriaId": "0169E032-F47A-45E0-BC33-B7DF54EC11BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904201:*:*:*:*:*:*",
"matchCriteriaId": "B0FCF0BB-9905-415A-8E30-DB96CCC49782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904202:*:*:*:*:*:*",
"matchCriteriaId": "0C02E0DF-7656-475B-B028-10406DAB30F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904203:*:*:*:*:*:*",
"matchCriteriaId": "41340C91-4E96-4578-BB96-6758EBE072E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904204:*:*:*:*:*:*",
"matchCriteriaId": "FAE29DD3-BFC7-4781-A805-DE379CAB3DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904205:*:*:*:*:*:*",
"matchCriteriaId": "322DC091-A4A1-4534-AB5C-0030114A63D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904206:*:*:*:*:*:*",
"matchCriteriaId": "4B23002D-D157-412F-B2ED-CD4504C79987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904207:*:*:*:*:*:*",
"matchCriteriaId": "8A2AE141-7503-4C0B-B0F1-B67A898FDF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904208:*:*:*:*:*:*",
"matchCriteriaId": "4547B798-9F00-4B28-B667-9D38B9E3591B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904209:*:*:*:*:*:*",
"matchCriteriaId": "53129601-DDA4-4BF4-8F63-A88890F2D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904210:*:*:*:*:*:*",
"matchCriteriaId": "B48B12F8-0B49-404E-A6B4-1F6108687C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904211:*:*:*:*:*:*",
"matchCriteriaId": "8CED027A-5B1B-44CC-81DA-AAD00D551C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904212:*:*:*:*:*:*",
"matchCriteriaId": "94F87F69-37DD-4170-ACA0-742EE8CFD00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904213:*:*:*:*:*:*",
"matchCriteriaId": "ACC3D191-BB1B-4875-9A58-1E6D53128062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904214:*:*:*:*:*:*",
"matchCriteriaId": "BD858E05-6FDE-4EDE-95C7-CA16B66BE7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904215:*:*:*:*:*:*",
"matchCriteriaId": "FFCC4027-ED2E-4993-9C3E-FDEBF94EFF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904216:*:*:*:*:*:*",
"matchCriteriaId": "62772E13-0198-4021-9FB0-59124086B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904217:*:*:*:*:*:*",
"matchCriteriaId": "C8A565A1-E4F0-4683-9DD6-D3B595A0B2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904218:*:*:*:*:*:*",
"matchCriteriaId": "7B8868CD-EA52-438C-BFDD-EB41C98BA425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904219:*:*:*:*:*:*",
"matchCriteriaId": "2F42557E-2FB2-4902-A6E8-CDDDC5E6CAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904220:*:*:*:*:*:*",
"matchCriteriaId": "00ECE661-E187-4999-B2CC-CF0EBAE83253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904221:*:*:*:*:*:*",
"matchCriteriaId": "6C225598-9636-4095-84FE-DD671F2D6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904222:*:*:*:*:*:*",
"matchCriteriaId": "58C577E8-4B2B-4D91-AFCA-81C7FA04B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904223:*:*:*:*:*:*",
"matchCriteriaId": "B7F8E29D-A3C1-4223-BDC3-CCED7C6FC86D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904224:*:*:*:*:*:*",
"matchCriteriaId": "41DE747D-30C9-470D-8447-47B8C95311EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904225:*:*:*:*:*:*",
"matchCriteriaId": "9D4D1283-BEC0-4FFC-8DC1-812D7A069F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904226:*:*:*:*:*:*",
"matchCriteriaId": "97F27723-5065-4A57-AF07-F9BD35B9B32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904227:*:*:*:*:*:*",
"matchCriteriaId": "94383F22-6A4B-43A5-BA4D-6D25698DFF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904228:*:*:*:*:*:*",
"matchCriteriaId": "0F27B6FA-DFF5-4A67-BA3A-E34F38DC3D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201904229:*:*:*:*:*:*",
"matchCriteriaId": "E58409B9-DCF2-4383-8A39-D7CE0136EFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201905001:*:*:*:*:*:*",
"matchCriteriaId": "00CF4E83-EA1C-4058-8BCC-09B495255F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201906002:*:*:*:*:*:*",
"matchCriteriaId": "86626D15-8D73-48BA-970B-CE661D5BB59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908101:*:*:*:*:*:*",
"matchCriteriaId": "2308CED4-314E-4CFE-8B1F-7B6CAA637A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908102:*:*:*:*:*:*",
"matchCriteriaId": "9969057F-BD3A-474E-8A02-087575A8AA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908103:*:*:*:*:*:*",
"matchCriteriaId": "7111974A-2A88-4209-8CBB-F872993AE4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908104:*:*:*:*:*:*",
"matchCriteriaId": "35722902-3652-44F1-89C2-08EB51F2A1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908201:*:*:*:*:*:*",
"matchCriteriaId": "E469AC46-D464-4960-8F23-CA59B3DCB7C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908202:*:*:*:*:*:*",
"matchCriteriaId": "9CAD88F2-F1AA-4DDE-9E27-52090E2BD49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908203:*:*:*:*:*:*",
"matchCriteriaId": "48F3D2BF-3A1D-4C49-94F5-EDB11E57821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908204:*:*:*:*:*:*",
"matchCriteriaId": "739948F5-E005-49E3-B412-4E035C7D95E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908205:*:*:*:*:*:*",
"matchCriteriaId": "D1828A75-5088-4992-A06B-A58B62536F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908206:*:*:*:*:*:*",
"matchCriteriaId": "58030F5A-82E1-4D54-A8F0-30CAAD4C8402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908207:*:*:*:*:*:*",
"matchCriteriaId": "9A013753-5E40-4CD8-A649-6CD023E0A970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908208:*:*:*:*:*:*",
"matchCriteriaId": "F554BC79-A92C-4287-9D94-3657C48E36CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908209:*:*:*:*:*:*",
"matchCriteriaId": "F82710D4-3FAB-469F-B15C-F22B4786AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908210:*:*:*:*:*:*",
"matchCriteriaId": "BDE7B96D-AD37-406D-AF62-3797E7A55119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908211:*:*:*:*:*:*",
"matchCriteriaId": "A9C294EC-F0BE-44DA-9073-D29D693F0964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908212:*:*:*:*:*:*",
"matchCriteriaId": "E05B6CD2-A581-46C2-AEA7-D8A6028FB466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908213:*:*:*:*:*:*",
"matchCriteriaId": "6CEC1380-E75E-40B5-BDE8-94E12317CCCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908214:*:*:*:*:*:*",
"matchCriteriaId": "C7B7079D-785C-4941-929A-C82B54809728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908215:*:*:*:*:*:*",
"matchCriteriaId": "A1ADE91B-0682-4EF9-8724-E0AFFF3685C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908216:*:*:*:*:*:*",
"matchCriteriaId": "31F8FFF5-25BD-408D-9089-567AF16BA608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908217:*:*:*:*:*:*",
"matchCriteriaId": "EE834CFD-5533-4989-8836-D0F07ED4919C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908218:*:*:*:*:*:*",
"matchCriteriaId": "092F9149-6B82-48CD-B90C-87DB36881F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908219:*:*:*:*:*:*",
"matchCriteriaId": "B2EA0EC1-0139-403C-AC9B-08D8530F4A73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908220:*:*:*:*:*:*",
"matchCriteriaId": "5A3ADB57-5A7D-4B75-903C-FCBE1FAE9AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201908221:*:*:*:*:*:*",
"matchCriteriaId": "755CCD27-3C87-497F-BDBB-48D3163909A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201911001:*:*:*:*:*:*",
"matchCriteriaId": "2130E67D-7F2A-4D82-BEFD-BA42B6B6FDA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "6D8D654F-2442-4EA0-AF89-6AC2CD214772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
"matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "418488A5-2912-406C-9337-B8E85D0C2B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C18F1E-246F-4BC5-812C-F05D7B39796F",
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8."
},
{
"lang": "es",
"value": "OpenSLP, como es usado en ESXi y los dispositivos Horizon DaaS, presenta un problema de sobrescritura de la pila. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Cr\u00edtica con una puntuaci\u00f3n base m\u00e1xima CVSSv3 de 9.8."
}
],
"id": "CVE-2019-5544",
"lastModified": "2024-11-21T04:45:09.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-06T16:15:11.467",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/2"
},
{
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/2"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0022.html"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4240"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0199"
},
{
"source": "security@vmware.com",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/"
},
{
"source": "security@vmware.com",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-12"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-23 18:29
Modified
2024-11-21 03:18
Severity ?
Summary
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF96BA3-6A2E-4371-8A6A-2D90BAA787A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8B97B6-84FF-49EF-B7FF-EEA147CEF00E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd350g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B766A835-96C7-41F7-AB60-4690F5D59A36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd350g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6157D72E-534F-4DA5-AD9E-ED9BEDAD0DB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd350x_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E02C1B7D-291F-4897-83EC-7A68697960B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd350x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAFE2B4-2F30-42A5-9A3F-0FAB6567EAD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd450x_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23D119B1-EB2A-4715-8EA4-77037E9919B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd450x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313A342C-E7C4-40BE-A97F-CB4711CF154C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinksystem_hr630x_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A999E2F-A0E7-4E86-AAAB-392AA0F13027",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_hr630x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF947D32-62E3-4957-86E2-EC3FA6F220D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinksystem_hr650x_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92EC9023-8344-4818-A341-C6866A631F3F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_hr650x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "346F827E-369C-4087-BFB6-E74B1CAC1B15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "993EE14E-929C-4983-9BCD-9F08906EA3FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:flex_system_fc3171_8gb_san_switch_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE27025-E34D-4FD4-ADC2-4DA56D2F51CD",
"versionEndExcluding": "9.1.13.02.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:flex_system_fc3171_8gb_san_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8A3649-7EF7-4D20-B28A-63D810FA4F08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storage_n3310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "087C37F7-3895-40C6-82B3-F45039E9FB9B",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storage_n3310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "319412A8-D5BD-4214-AA5A-1E7383AA27A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:storage_n4610_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E974B81E-4DB3-492F-8904-2C0CFF50DD7A",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:storage_n4610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D320E2FC-E2E1-45F3-9B0E-2FA647D657BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:bm_nextscale_fan_power_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E3A306-93AA-476C-930D-DE48CBFB13D7",
"versionEndExcluding": "24p-2.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:cmm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48CE3ABD-1FA9-4E26-A873-1027955F968F",
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:fan_power_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F751FD5-004F-4C4F-9651-9EF33FA095E1",
"versionEndExcluding": "30r-1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:imm1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64CF298E-5107-489B-9E08-93084D528F3B",
"versionEndExcluding": "1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:imm2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F086091-169B-47F8-A2E8-F5437433AE87",
"versionEndExcluding": "4.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "070219DA-DDD4-4E8A-A23B-3E46E4CB37DA",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639A266B-2A2F-43C9-9871-2F1E5D3AA990",
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A48E001-1D62-4A25-8C7F-D4691BAEC3DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B63891A2-CDA8-4FC8-ADAB-512378D6B8FE",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A988370E-47F4-4DC3-91AB-025360D07160",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77D8669A-6716-439E-AA6F-EF6A1456FF71",
"versionEndIncluding": "50.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED7B28A-1E10-4011-8250-8E060F74E3CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE30B73E-1918-4465-A948-829AD3D92E07",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B994FC89-D6B6-4191-BC53-A36211DE94F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5017F43-C28F-4B3E-900A-96FEC8BE537D",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDCBFD8-D031-4034-AEF9-6F31CC1C5814",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd540_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D2D3BB-77F2-4798-BF81-B9EDB607CE94",
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd540:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A30925DE-F919-472F-AA5B-0E2566F99DDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7057A245-999D-4334-AF82-305ECC09F795",
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E66D761-1400-41AE-AAB7-E54B80B3FAC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6F1A92-C568-4CA4-8DBC-459B9DC93A24",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rd650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2211D4D-0EB0-4E15-83D5-E94138D68284",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rq750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "707CAEBE-5ED4-4755-B2DB-7A135DB0AE8A",
"versionEndExcluding": "1.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rq750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30A3486A-5BEF-4B6A-B516-DCABBF7DE66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_rs160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74A43A48-4E30-4BA6-A4C4-CA565A78B0FC",
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_rs160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBA619AB-82E2-4E76-943A-0E68379FD583",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_sd350_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "034D2231-4D6D-42C2-8CDA-85D25B62ECFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_sd350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87959493-B6D7-4765-930C-40A9FBAED2E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68A5907C-6A3C-4657-8B9E-DAA6BC1681E4",
"versionEndExcluding": "46.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42109D0F-9FDD-4199-A946-64C453B40CFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "973D779E-E3F0-419A-97A1-C0F55AFC9ECE",
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_td350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83BDBAD4-5483-4D37-A727-D5FE876FF26E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkserver_ts460_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29A2F7DE-1C65-499B-98BA-E751E754312D",
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkserver_ts460:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4EFAC5-9268-49A3-BDFF-4F1C87FA7867",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability."
},
{
"lang": "es",
"value": "Las versiones de OpenSLP en las secuencias de c\u00f3digo 1.0.2 y 1.1.0 tienen un problema de corrupci\u00f3n de memoria relacionada con la memoria din\u00e1mica (heap), que puede manifestarse como una vulnerabilidad de denegaci\u00f3n de servicio (DoS) o de ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2017-17833",
"lastModified": "2024-11-21T03:18:46.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-23T18:29:00.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-18247"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2240"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2308"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202005-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-18247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202005-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3708-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-02 18:15
Modified
2024-11-21 01:42
Severity ?
Summary
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openslp | openslp | 1.2.1 | |
| debian | debian_linux | 8.0 | |
| fedoraproject | fedora | 20 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2759B9FB-9B05-4137-9C90-02D7CDBB692D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openslp: SLPIntersectStringList()\u0027 Function has a DoS vulnerability"
},
{
"lang": "es",
"value": "openslp: La funci\u00f3n SLPIntersectStringList()\u0027 presenta una vulnerabilidad de DoS"
}
],
"id": "CVE-2012-4428",
"lastModified": "2024-11-21T01:42:52.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-02T18:15:09.707",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/27"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55540"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2730-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2012-4428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78732"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2730-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2012-4428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-05"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:58
Severity ?
Summary
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E52C2A69-3CDA-442B-8CC9-653964C883B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n SLPFoldWhiteSpace en common/slp_compare.c en OpenSLP 2.0 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una cadena manipulada."
}
],
"id": "CVE-2016-7567",
"lastModified": "2024-11-21T02:58:13.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:02.580",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93186"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45804/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45804/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/18/6 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id/1035916 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1329295 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.gentoo.org/glsa/201707-05 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/18/6 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035916 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1329295 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201707-05 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6553F9-2E7C-4935-93A4-F6C55ACEA2DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure."
},
{
"lang": "es",
"value": "La funci\u00f3n _xrealloc en xlsp_xmalloc.c en OpenSLP 2.0.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda) a trav\u00e9s de un gran n\u00famero de paquetes manipulados, lo que desencadena un fallo de asignaci\u00f3n de memoria."
}
],
"id": "CVE-2016-4912",
"lastModified": "2024-11-21T02:53:13.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035916"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201707-05"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:55
Severity ?
Summary
Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openslp | openslp | 1.0.1 | |
| openslp | openslp | 1.0.2 | |
| openslp | openslp | 1.0.3 | |
| openslp | openslp | 1.0.4 | |
| openslp | openslp | 1.0.5 | |
| openslp | openslp | 1.0.6 | |
| openslp | openslp | 1.0.7 | |
| openslp | openslp | 1.0.8_a | |
| openslp | openslp | 1.0.9_a | |
| openslp | openslp | 1.0.10 | |
| openslp | openslp | 1.0.11 | |
| openslp | openslp | 1.0_.0 | |
| openslp | openslp | 1.1.5 | |
| openslp | openslp | 1.2.1 | |
| openslp | openslp | 1.2_.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C050454-C24F-49B8-9EB0-C8B1D87B882F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF96BA3-6A2E-4371-8A6A-2D90BAA787A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7D587A9A-F547-4857-8E50-C790CD5778A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32F89E05-C29C-4B53-8007-E2C3EF40C2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "73B9C81A-4DF2-4B69-8AEC-4E63621E3E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFA0859-921E-41DE-9795-99176E087F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "97CFAB66-94A5-457C-9EAD-F378494D9AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.8_a:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BA655D-551A-461F-A8BB-C176B03514E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.9_a:*:*:*:*:*:*:*",
"matchCriteriaId": "21C7F6A0-7373-4C3B-817C-F1A5F40C8809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BD7DB8-2763-4669-931A-EBFDCEB50A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED17444-C7E8-47D8-9143-2339885EF4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.0_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF98A9B4-FA65-415A-BEA1-40C68193EA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D744C240-4A84-4A30-89F8-A931FA745BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2759B9FB-9B05-4137-9C90-02D7CDBB692D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openslp:openslp:1.2_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9D84015-C3C2-4201-9155-CA1F961466B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets."
}
],
"id": "CVE-2005-0769",
"lastModified": "2024-11-20T23:55:51.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14561"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22128"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:055"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_15_openslp.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12792"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3879"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19683"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/98-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_15_openslp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/12792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/98-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 18:29
Modified
2024-11-21 02:32
Severity ?
Summary
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openslp | openslp | 1.2.1 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2759B9FB-9B05-4137-9C90-02D7CDBB692D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package."
},
{
"lang": "es",
"value": "Vulnerabilidad de liberaci\u00f3n doble (double free) en la funci\u00f3n SLPDKnownDAAdd en slpd/slpd_knownda.c en OpenSLP 1.2.1 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio utilizando un paquete manipulado."
}
],
"id": "CVE-2015-5177",
"lastModified": "2024-11-21T02:32:30.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T18:29:00.200",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76635"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033719"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2015/dsa-3353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2015/dsa-3353"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-11 17:55
Modified
2024-11-21 01:19
Severity ?
Summary
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openslp:openslp:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2759B9FB-9B05-4137-9C90-02D7CDBB692D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3C6FC4-DAE3-42DB-B845-593BBD2A50BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C9E205-87EE-4CE2-A252-DED7BB6D4EAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "El analizador de extensiones en el archivo slp_v2message.c en OpenSLP versi\u00f3n 1.2.1 y otras versiones anteriores a la revisi\u00f3n SVN 1647, como es usado en demonio de Service Location Protocol (SLPD) en ESX versiones 4.0 y 4.1 y ESXi versiones 4.0 y 4.1 de VMware, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) por medio de un paquete con un \"next extension offset\" que hace referencia a esta extensi\u00f3n o una extensi\u00f3n previa. NOTA: algunos de estos detalles son obtenidos a partir de informaci\u00f3n de terceros."
}
],
"id": "CVE-2010-3609",
"lastModified": "2024-11-21T01:19:13.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-11T17:55:02.617",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43601"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43742"
},
{
"source": "cret@cert.org",
"url": "http://securityreason.com/securityalert/8127"
},
{
"source": "cret@cert.org",
"url": "http://securitytracker.com/id?1025168"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/393783"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:141"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:111"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/71019"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/46772"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0729"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65931"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"source": "cret@cert.org",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/393783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/71019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-200311-0047
Vulnerability from variot
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200311-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openslp",
"scope": "lte",
"trust": 1.0,
"vendor": "openslp",
"version": "1.0.11"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.9,
"vendor": "openslp",
"version": "1.0.11"
}
],
"sources": [
{
"db": "BID",
"id": "87721"
},
{
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.11",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87721"
}
],
"trust": 0.3
},
"cve": "CVE-2003-0875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-7700",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0875",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200311-078",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-7700",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7700"
},
{
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"db": "BID",
"id": "87721"
},
{
"db": "VULHUB",
"id": "VHN-7700"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0875",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030818 OPENSLP INITSCRIPT SYMLINK VULNERABILITY",
"trust": 0.6
},
{
"db": "CONECTIVA",
"id": "CLA-2003:723",
"trust": 0.6
},
{
"db": "BID",
"id": "87721",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-7700",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7700"
},
{
"db": "BID",
"id": "87721"
},
{
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"id": "VAR-200311-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7700"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:33:06.997000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000723"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=106123103606336\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=106123103606336\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=106123103606336\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026amp;anuncio=000723"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7700"
},
{
"db": "BID",
"id": "87721"
},
{
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-7700"
},
{
"db": "BID",
"id": "87721"
},
{
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-7700"
},
{
"date": "2003-11-17T00:00:00",
"db": "BID",
"id": "87721"
},
{
"date": "2003-11-17T05:00:00",
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"date": "2003-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-7700"
},
{
"date": "2003-11-17T00:00:00",
"db": "BID",
"id": "87721"
},
{
"date": "2016-10-18T02:38:09.843000",
"db": "NVD",
"id": "CVE-2003-0875"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "87721"
},
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP slpd script slpd.all_init Symbolic link vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200311-078"
}
],
"trust": 0.6
}
}
var-201804-0505
Vulnerability from variot
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. An attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. OpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-12
https://security.gentoo.org/
Severity: Normal Title: OpenSLP: Multiple vulnerabilities Date: May 14, 2020 Bugs: #662878 ID: 202005-12
Synopsis
Multiple vulnerabilities have been found in OpenSLP, the worst of which could result in the arbitrary execution of code.
Background
OpenSLP is an open-source implementation of Service Location Protocol (SLP).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openslp <= 2.0.0-r5 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
Description
Multiple vulnerabilities have been discovered in OpenSLP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for OpenSLP. We recommend that users unmerge OpenSLP: # emerge --unmerge "net-libs/openslp"
NOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued support at this time. It may be possible that a new Gentoo developer will update OpenSLP at a later date. No known alternatives to OpenSLP are in the tree at this time.
References
[ 1 ] CVE-2017-17833 https://nvd.nist.gov/vuln/detail/CVE-2017-17833 [ 2 ] CVE-2019-5544 https://nvd.nist.gov/vuln/detail/CVE-2019-5544
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3708-1 July 09, 2018
openslp-dfsg vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
OpenSLP could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - openslp-dfsg: Service Location Protocol library
Details:
It was discovered that OpenSLP incorrectly handled certain memory operations.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libslp1 1.2.1-11ubuntu0.16.04.1
Ubuntu 14.04 LTS: libslp1 1.2.1-9ubuntu0.3
In general, a standard system update will make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: openslp security update Advisory ID: RHSA-2018:2240-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2240 Issue date: 2018-07-23 CVE Names: CVE-2017-17833 =====================================================================
- Summary:
An update for openslp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.
Security Fix(es):
- openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
ppc64: openslp-2.0.0-7.el7_5.ppc.rpm openslp-2.0.0-7.el7_5.ppc64.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-server-2.0.0-7.el7_5.ppc64.rpm
ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
aarch64: openslp-2.0.0-7.el7_5.aarch64.rpm openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-server-2.0.0-7.el7_5.aarch64.rpm
ppc64le: openslp-2.0.0-7.el7_5.ppc64le.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-server-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-2.0.0-7.el7_5.s390.rpm openslp-2.0.0-7.el7_5.s390x.rpm openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-server-2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openslp-debuginfo-2.0.0-7.el7_5.ppc.rpm openslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm openslp-devel-2.0.0-7.el7_5.ppc.rpm openslp-devel-2.0.0-7.el7_5.ppc64.rpm
ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: openslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm openslp-devel-2.0.0-7.el7_5.aarch64.rpm
ppc64le: openslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm openslp-devel-2.0.0-7.el7_5.ppc64le.rpm
s390x: openslp-debuginfo-2.0.0-7.el7_5.s390.rpm openslp-debuginfo-2.0.0-7.el7_5.s390x.rpm openslp-devel-2.0.0-7.el7_5.s390.rpm openslp-devel-2.0.0-7.el7_5.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openslp-2.0.0-7.el7_5.src.rpm
x86_64: openslp-2.0.0-7.el7_5.i686.rpm openslp-2.0.0-7.el7_5.x86_64.rpm openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-server-2.0.0-7.el7_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openslp-debuginfo-2.0.0-7.el7_5.i686.rpm openslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm openslp-devel-2.0.0-7.el7_5.i686.rpm openslp-devel-2.0.0-7.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-17833 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/cve/CVE-2017-17833
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY hW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx IXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs T6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu 5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO nouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT 743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm /Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr oxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca tehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8 XHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh GSs8CyxuJUo= =aDcY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openslp",
"scope": "eq",
"trust": 2.4,
"vendor": "openslp",
"version": "1.0.2"
},
{
"model": "openslp",
"scope": "eq",
"trust": 2.4,
"vendor": "openslp",
"version": "1.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "flex system fc3171 8gb san switch",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "9.1.13.02.00"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "thinkserver rd650",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinksystem hr630x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts460",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "imm1",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.55"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver rd440",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd540",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "cmm",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.8.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver td340",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "46.00"
},
{
"model": "thinkserver rd450x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd340",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "xclarity administrator",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "bm nextscale fan power controller",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "24p-2.15"
},
{
"model": "thinkserver rs160",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "imm2",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.70"
},
{
"model": "thinkserver td350",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "fan power controller",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "30r-1.13"
},
{
"model": "thinkserver sd350",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "thinkserver rd350g",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "thinksystem hr650x",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rq750",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.40"
},
{
"model": "thinksystem sr630",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "storage n4610",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "storage n3310",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thinkserver rd640",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd550",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd450",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thinkserver rd350",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.3,
"vendor": "openslp",
"version": "1.0.20"
},
{
"model": "openslp",
"scope": "eq",
"trust": 0.3,
"vendor": "openslp",
"version": "1.1"
},
{
"model": "thinkserver ts460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver sr630",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rs160",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rq750",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd640",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd450x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd350x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd340",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver hr650x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver hr630x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver rd650",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd550",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd450",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver rd350",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts460",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "thinkserver rs160",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.32"
},
{
"model": "thinkserver rq750",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.40"
},
{
"model": "thinkserver rd650",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd640",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd550",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd540",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd450",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd440",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
},
{
"model": "thinkserver rd350",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "4.53.351"
},
{
"model": "thinkserver rd340",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "50.00"
}
],
"sources": [
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openslp:openslp:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_hr630x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_hr630x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_hr650x_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_hr650x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:flex_system_fc3171_8gb_san_switch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.13.02.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:flex_system_fc3171_8gb_san_switch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storage_n3310_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storage_n3310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:storage_n4610_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:storage_n4610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:imm2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.70",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:cmm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:bm_nextscale_fan_power_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "24p-2.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:fan_power_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "30r-1.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:lenovo:imm1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.55",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd440_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd450_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd550_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd540_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd640_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "50.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rd650_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rd650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rq750_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rq750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_rs160_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_rs160:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_sd350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_sd350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td340_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "46.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_td350_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.53.351",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_td350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_ts460_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_ts460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17833"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.7
},
"cve": "CVE-2017-17833",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-17833",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-108895",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-17833",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17833",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-898",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108895",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. OpenSLP Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. OpenSLP is prone to a heap-memory-corruption vulnerability. \nAn attacker can exploit this issue to crash the affected application or execute arbitrary code within the context of the affected application. \nOpenSLP 1.0.2 and 1.1.0 are vulnerable. Lenovo ThinkServer RD350G, etc. are all products of China Lenovo (Lenovo). Lenovo ThinkServer RD350G, RD350X, RD450X and HR650 are all rack-mounted servers; N3310 and N4610 are all NAS storage devices; Fan Power Controller (FPC) is a fan speed controller. The protocol supports searching services in the network through service types and attributes. A security vulnerability exists in OpenSLP versions 1.0.2 and 1.1.0. The following products and versions are affected: Lenovo ThinkServer RD350G; ThinkServer RD350X; ThinkServer RD450X; ThinkSystem HR650X; N3310 (Adapted from RD350) prior to 4.53.351; ) Versions prior to 30R-1.13, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202005-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSLP: Multiple vulnerabilities\n Date: May 14, 2020\n Bugs: #662878\n ID: 202005-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSLP, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nOpenSLP is an open-source implementation of Service Location Protocol\n(SLP). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openslp \u003c= 2.0.0-r5 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSLP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for OpenSLP. We recommend that users\nunmerge OpenSLP:\n # emerge --unmerge \"net-libs/openslp\"\n\nNOTE: The Gentoo developer(s) maintaining OpenSLP have discontinued\nsupport at this time. It may be possible that a new Gentoo developer\nwill update OpenSLP at a later date. No known alternatives to OpenSLP\nare in the tree at this time. \n\nReferences\n==========\n\n[ 1 ] CVE-2017-17833\n https://nvd.nist.gov/vuln/detail/CVE-2017-17833\n[ 2 ] CVE-2019-5544\n https://nvd.nist.gov/vuln/detail/CVE-2019-5544\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202005-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3708-1\nJuly 09, 2018\n\nopenslp-dfsg vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nOpenSLP could be made to crash or run programs if it received specially\ncrafted network traffic. \n\nSoftware Description:\n- openslp-dfsg: Service Location Protocol library\n\nDetails:\n\nIt was discovered that OpenSLP incorrectly handled certain memory\noperations. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libslp1 1.2.1-11ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n libslp1 1.2.1-9ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openslp security update\nAdvisory ID: RHSA-2018:2240-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2240\nIssue date: 2018-07-23\nCVE Names: CVE-2017-17833 \n=====================================================================\n\n1. Summary:\n\nAn update for openslp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSLP is an open source implementation of the Service Location Protocol\n(SLP) which is an Internet Engineering Task Force (IETF) standards track\nprotocol and provides a framework to allow networking applications to\ndiscover the existence, location, and configuration of networked services\nin enterprise networks. \n\nSecurity Fix(es):\n\n* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of\nservice or potentially code execution (CVE-2017-17833)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1572166 - CVE-2017-17833 openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nppc64:\nopenslp-2.0.0-7.el7_5.ppc.rpm\nopenslp-2.0.0-7.el7_5.ppc64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64.rpm\n\nppc64le:\nopenslp-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-2.0.0-7.el7_5.s390.rpm\nopenslp-2.0.0-7.el7_5.s390x.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-server-2.0.0-7.el7_5.s390x.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\naarch64:\nopenslp-2.0.0-7.el7_5.aarch64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm\nopenslp-server-2.0.0-7.el7_5.aarch64.rpm\n\nppc64le:\nopenslp-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-server-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-2.0.0-7.el7_5.s390.rpm\nopenslp-2.0.0-7.el7_5.s390x.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-server-2.0.0-7.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64.rpm\n\nppc64le:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-devel-2.0.0-7.el7_5.s390.rpm\nopenslp-devel-2.0.0-7.el7_5.s390x.rpm\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenslp-debuginfo-2.0.0-7.el7_5.aarch64.rpm\nopenslp-devel-2.0.0-7.el7_5.aarch64.rpm\n\nppc64le:\nopenslp-debuginfo-2.0.0-7.el7_5.ppc64le.rpm\nopenslp-devel-2.0.0-7.el7_5.ppc64le.rpm\n\ns390x:\nopenslp-debuginfo-2.0.0-7.el7_5.s390.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.s390x.rpm\nopenslp-devel-2.0.0-7.el7_5.s390.rpm\nopenslp-devel-2.0.0-7.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenslp-2.0.0-7.el7_5.src.rpm\n\nx86_64:\nopenslp-2.0.0-7.el7_5.i686.rpm\nopenslp-2.0.0-7.el7_5.x86_64.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-server-2.0.0-7.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenslp-debuginfo-2.0.0-7.el7_5.i686.rpm\nopenslp-debuginfo-2.0.0-7.el7_5.x86_64.rpm\nopenslp-devel-2.0.0-7.el7_5.i686.rpm\nopenslp-devel-2.0.0-7.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-17833\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/cve/CVE-2017-17833\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW1XqMdzjgjWX9erEAQiW3hAAk358/RhcFT2A8KBFIeJ2frbTpp6WbCSY\nhW72vqKQHa+CxTw7sFU8MG+BllEr3w88eRyGW+E6rtev0FAEAQKvwEzFwZKRsaVx\nIXcWL+CnhzNkNcnAVO2aG0R3WFX1xvyRJXI6zKhwYl4VuXS8sM6Ynb4++2NQvJUs\nT6SUHicYKqRNHnw19eFgGSirtGwjB+eBIHZiLS8SfVinIni3ff7X6FaqWOzgI2uu\n5Js+urIVqsX1E9wxCF8O2kerpebxyp1ov2D7tKK5FwSHWWke2o36HCQgdKMWkiDO\nnouSp2nl7YArlX3QLC3QRcAgGTcPuUt3cqZahqA4unGie34TXzyKszxlQxD1O6xT\n743zxrCavcVdfHcFYUsa3m1RqqAyjsIdAO06raYpxKYaMK5fo0DBRUS4IS25WEVm\n/Uum1JGXLnZZnAE4BPQzC4cGav7UMAe2c23FVNFtNfgB8d2D1wWnwOc7N7TIYthr\noxB4JC1/suaIo4sC1YqV5C5KqfcMt9wuXl8A7sbQnlAeNalKfSYduUDU4zU3W0Ca\ntehFsLlnii/0Zrsf4jVNk6OoDAnsrblPBem/lNMP1CwGKLitUmmpnotlnc2O3iX8\nXHWlu98rJ+CPnO0/uq8R8O9ONfoS2nmbbRi2KgTPqRNeAO+xYWxIIS91pFYl6Byh\nGSs8CyxuJUo=\n=aDcY\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17833",
"trust": 3.2
},
{
"db": "LENOVO",
"id": "LEN-18247",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "157725",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4580",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0570",
"trust": 0.6
},
{
"db": "BID",
"id": "104577",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "148646",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "148456",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-108895",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"id": "VAR-201804-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
}
],
"trust": 0.775
},
"last_update_date": "2023-12-18T11:45:27.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1364-1] openslp-dfsg security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"title": "Lenovo fix for slpd crash during testing: bad pointer after realloc.",
"trust": 0.8,
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"trust": 2.0,
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202005-12"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2240"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2308"
},
{
"trust": 1.7,
"url": "http://support.lenovo.com/us/en/solutions/len-18247"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17833"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17833"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00007.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157725/gentoo-linux-security-advisory-202005-12.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10957097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4580/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10956531"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76030"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-17833"
},
{
"trust": 0.3,
"url": "http://www.openslp.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572166"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/solutions/len-18247"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5544"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-9ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3708-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openslp-dfsg/1.2.1-11ubuntu0.16.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-108895"
},
{
"db": "BID",
"id": "104577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"db": "PACKETSTORM",
"id": "157725"
},
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "PACKETSTORM",
"id": "148819"
},
{
"db": "PACKETSTORM",
"id": "148646"
},
{
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-108895"
},
{
"date": "2018-04-23T00:00:00",
"db": "BID",
"id": "104577"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"date": "2020-05-15T14:53:11",
"db": "PACKETSTORM",
"id": "157725"
},
{
"date": "2018-07-09T23:38:59",
"db": "PACKETSTORM",
"id": "148456"
},
{
"date": "2018-08-03T22:22:22",
"db": "PACKETSTORM",
"id": "148819"
},
{
"date": "2018-07-24T17:33:30",
"db": "PACKETSTORM",
"id": "148646"
},
{
"date": "2018-04-23T18:29:00.663000",
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-108895"
},
{
"date": "2018-04-23T00:00:00",
"db": "BID",
"id": "104577"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013328"
},
{
"date": "2020-05-15T00:15:11.443000",
"db": "NVD",
"id": "CVE-2017-17833"
},
{
"date": "2020-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "148456"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSLP Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013328"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-898"
}
],
"trust": 0.6
}
}
cve-2017-17833
Vulnerability from cvelistv5
Published
2018-04-23 18:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3708-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html | mailing-list, x_refsource_MLIST | |
| http://support.lenovo.com/us/en/solutions/LEN-18247 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:2308 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:2240 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/202005-12 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:48.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3708-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"name": "[debian-lts-announce] 20180425 [SECURITY] [DLA 1364-1] openslp-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-18247"
},
{
"name": "RHSA-2018:2308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2308"
},
{
"name": "RHSA-2018:2240",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2240"
},
{
"name": "GLSA-202005-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T23:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3708-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"name": "[debian-lts-announce] 20180425 [SECURITY] [DLA 1364-1] openslp-dfsg security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-18247"
},
{
"name": "RHSA-2018:2308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2308"
},
{
"name": "RHSA-2018:2240",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2240"
},
{
"name": "GLSA-202005-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3708-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3708-1/"
},
{
"name": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/"
},
{
"name": "[debian-lts-announce] 20180425 [SECURITY] [DLA 1364-1] openslp-dfsg security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-18247",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-18247"
},
{
"name": "RHSA-2018:2308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2308"
},
{
"name": "RHSA-2018:2240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2240"
},
{
"name": "GLSA-202005-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17833",
"datePublished": "2018-04-23T18:00:00",
"dateReserved": "2017-12-22T00:00:00",
"dateUpdated": "2024-08-05T21:06:48.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7567
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 02:04
Severity ?
EPSS score ?
Summary
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/27/4 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93186 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/09/28/1 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201707-05 | vendor-advisory, x_refsource_GENTOO | |
| https://www.exploit-db.com/exploits/45804/ | exploit, x_refsource_EXPLOIT-DB | |
| https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:54.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"name": "93186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93186"
},
{
"name": "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"name": "GLSA-201707-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "45804",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45804/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-10T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"name": "93186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93186"
},
{
"name": "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"name": "GLSA-201707-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "45804",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45804/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"name": "93186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93186"
},
{
"name": "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"name": "GLSA-201707-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "45804",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45804/"
},
{
"name": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7567",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:54.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0875
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106123103606336&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000723 | vendor-advisory, x_refsource_CONECTIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030818 OpenSLP initscript symlink vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106123103606336\u0026w=2"
},
{
"name": "CLA-2003:723",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030818 OpenSLP initscript symlink vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106123103606336\u0026w=2"
},
{
"name": "CLA-2003:723",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030818 OpenSLP initscript symlink vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106123103606336\u0026w=2"
},
{
"name": "CLA-2003:723",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0875",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-23T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5177
Vulnerability from cvelistv5
Published
2017-10-20 21:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2015/dsa-3353 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id/1033719 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/76635 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1251064 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"name": "DSA-3353",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2015/dsa-3353"
},
{
"name": "1033719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033719"
},
{
"name": "76635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-21T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"name": "DSA-3353",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2015/dsa-3353"
},
{
"name": "1033719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033719"
},
{
"name": "76635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5177",
"datePublished": "2017-10-20T21:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4912
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1329295 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201707-05 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1035916 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openwall.com/lists/oss-security/2016/05/18/6 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295"
},
{
"name": "GLSA-201707-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "1035916",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035916"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: null pointer deref in openslp, can be triggered remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295"
},
{
"name": "GLSA-201707-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "1035916",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035916"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: null pointer deref in openslp, can be triggered remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329295"
},
{
"name": "GLSA-201707-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "1035916",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035916"
},
{
"name": "[oss-security] 20160518 Re: CVE Request: null pointer deref in openslp, can be triggered remotely",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/18/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4912",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2016-05-18T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0769
Vulnerability from cvelistv5
Published
2005-03-18 05:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/22128 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19683 | vdb-entry, x_refsource_XF | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:055 | vendor-advisory, x_refsource_MANDRAKE | |
| http://secunia.com/advisories/14561 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/447537/100/0/threaded | vendor-advisory, x_refsource_HP | |
| http://www.securityfocus.com/bid/12792 | vdb-entry, x_refsource_BID | |
| http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.novell.com/linux/security/advisories/2005_15_openslp.html | vendor-advisory, x_refsource_SUSE | |
| http://www.vupen.com/english/advisories/2006/3879 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/447537/100/0/threaded | vendor-advisory, x_refsource_HP | |
| https://usn.ubuntu.com/98-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22128"
},
{
"name": "openslp-slp-bo(19683)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19683"
},
{
"name": "MDKSA-2005:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:055"
},
{
"name": "14561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14561"
},
{
"name": "SSRT061149",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"name": "12792",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12792"
},
{
"name": "GLSA-200503-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml"
},
{
"name": "SUSE-SA:2005:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_15_openslp.html"
},
{
"name": "ADV-2006-3879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3879"
},
{
"name": "HPSBUX02129",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"name": "USN-98-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/98-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22128",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22128"
},
{
"name": "openslp-slp-bo(19683)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19683"
},
{
"name": "MDKSA-2005:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:055"
},
{
"name": "14561",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14561"
},
{
"name": "SSRT061149",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"name": "12792",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12792"
},
{
"name": "GLSA-200503-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml"
},
{
"name": "SUSE-SA:2005:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_15_openslp.html"
},
{
"name": "ADV-2006-3879",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3879"
},
{
"name": "HPSBUX02129",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"name": "USN-98-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/98-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22128"
},
{
"name": "openslp-slp-bo(19683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19683"
},
{
"name": "MDKSA-2005:055",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:055"
},
{
"name": "14561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14561"
},
{
"name": "SSRT061149",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"name": "12792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12792"
},
{
"name": "GLSA-200503-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml"
},
{
"name": "SUSE-SA:2005:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_15_openslp.html"
},
{
"name": "ADV-2006-3879",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3879"
},
{
"name": "HPSBUX02129",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/447537/100/0/threaded"
},
{
"name": "USN-98-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/98-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0769",
"datePublished": "2005-03-18T05:00:00",
"dateReserved": "2005-03-18T00:00:00",
"dateUpdated": "2024-08-07T21:28:28.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3609
Vulnerability from cvelistv5
Published
2011-03-11 17:00
Modified
2024-08-07 03:18
Severity ?
EPSS score ?
Summary
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a "next extension offset" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:18:53.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#393783",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/393783"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227"
},
{
"name": "43742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43742"
},
{
"name": "71019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71019"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "MDVSA-2013:111",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:111"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "8127",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8127"
},
{
"name": "1025168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025168"
},
{
"name": "GLSA-201707-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "vmware-esxserver-slpd-dos(65931)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65931"
},
{
"name": "ADV-2011-0729",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0729"
},
{
"name": "MDVSA-2012:141",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:141"
},
{
"name": "46772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46772"
},
{
"name": "43601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#393783",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/393783"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227"
},
{
"name": "43742",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43742"
},
{
"name": "71019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71019"
},
{
"name": "ADV-2011-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "MDVSA-2013:111",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:111"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "8127",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8127"
},
{
"name": "1025168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025168"
},
{
"name": "GLSA-201707-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "vmware-esxserver-slpd-dos(65931)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65931"
},
{
"name": "ADV-2011-0729",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0729"
},
{
"name": "MDVSA-2012:141",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:141"
},
{
"name": "46772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46772"
},
{
"name": "43601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-3609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of service (infinite loop) via a packet with a \"next extension offset\" that references this extension or a previous extension. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#393783",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/393783"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0227"
},
{
"name": "43742",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43742"
},
{
"name": "71019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71019"
},
{
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "MDVSA-2013:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:111"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "8127",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8127"
},
{
"name": "1025168",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025168"
},
{
"name": "GLSA-201707-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "vmware-esxserver-slpd-dos(65931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65931"
},
{
"name": "ADV-2011-0729",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0729"
},
{
"name": "MDVSA-2012:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:141"
},
{
"name": "46772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46772"
},
{
"name": "43601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43601"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-3609",
"datePublished": "2011-03-11T17:00:00",
"dateReserved": "2010-09-27T00:00:00",
"dateUpdated": "2024-08-07T03:18:53.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5544
Vulnerability from cvelistv5
Published
2019-12-06 15:54
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2019-0022.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2019/12/10/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2019/12/11/2 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:4240 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/ | vendor-advisory, x_refsource_FEDORA | |
| https://access.redhat.com/errata/RHSA-2020:0199 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/202005-12 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | ESXi and Horizon DaaS |
Version: ESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0022.html"
},
{
"name": "[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/2"
},
{
"name": "[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/2"
},
{
"name": "RHSA-2019:4240",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4240"
},
{
"name": "FEDORA-2019-1e5ae33e87",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/"
},
{
"name": "FEDORA-2019-86bceb61b3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/"
},
{
"name": "RHSA-2020:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0199"
},
{
"name": "GLSA-202005-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESXi and Horizon DaaS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Overwrite",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T23:06:15",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0022.html"
},
{
"name": "[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/2"
},
{
"name": "[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/2"
},
{
"name": "RHSA-2019:4240",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4240"
},
{
"name": "FEDORA-2019-1e5ae33e87",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/"
},
{
"name": "FEDORA-2019-86bceb61b3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/"
},
{
"name": "RHSA-2020:0199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0199"
},
{
"name": "GLSA-202005-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2019-5544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi and Horizon DaaS",
"version": {
"version_data": [
{
"version_value": "ESXi 6.7 prior to patch release ESXi670-201912001, ESXi 6.5 prior to patch release ESXi650-201912001, ESXi 6.0 prior to patch release ESXi600-201912001 and Horizon DaaS 8.x prior to BZ-2467224-Disable_SLPD_service_permanently_801_Hotfix."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overwrite"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0022.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0022.html"
},
{
"name": "[oss-security] 20191210 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/10/2"
},
{
"name": "[oss-security] 20191211 Re: CVE-2019-5544 openslp 1.2.1, 2.0.0 heap overflow vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/11/2"
},
{
"name": "RHSA-2019:4240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4240"
},
{
"name": "FEDORA-2019-1e5ae33e87",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/"
},
{
"name": "FEDORA-2019-86bceb61b3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/"
},
{
"name": "RHSA-2020:0199",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0199"
},
{
"name": "GLSA-202005-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2019-5544",
"datePublished": "2019-12-06T15:54:18",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-08-04T20:01:51.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4428
Vulnerability from cvelistv5
Published
2019-12-02 17:41
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2012-4428 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428 | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2012-4428 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78732 | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2012/09/13/27 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55540 | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-2730-1 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201707-05 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | openslp-dfsg | openslp-dfsg |
Version: 1.2.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-4428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78732"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2730-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openslp-dfsg",
"vendor": "openslp-dfsg",
"versions": [
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "openslp: SLPIntersectStringList()\u0027 Function has a DoS vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bounds read in SLPIntersectStringList() can cause DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T17:41:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-4428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-4428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78732"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2730-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gentoo.org/glsa/201707-05"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4428",
"datePublished": "2019-12-02T17:41:11",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:35:09.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}