Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-431
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QFabric 3100 Director versions 12.x",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ScreenOS",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CTPView 7.0R3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Juniper Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-2905",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
},
{
"name": "CVE-2011-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
},
{
"name": "CVE-2013-1667",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
},
{
"name": "CVE-2012-3417",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
},
{
"name": "CVE-2014-0063",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2014-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
},
{
"name": "CVE-2014-8867",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
},
{
"name": "CVE-2015-1793",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2009-3490",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
},
{
"name": "CVE-2012-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
},
{
"name": "CVE-2010-3433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
},
{
"name": "CVE-2012-5526",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
},
{
"name": "CVE-2010-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
},
{
"name": "CVE-2014-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
},
{
"name": "CVE-2009-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
},
{
"name": "CVE-2007-6067",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
},
{
"name": "CVE-2010-0826",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
},
{
"name": "CVE-2014-8159",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
},
{
"name": "CVE-2010-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
},
{
"name": "CVE-2013-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2010-4352",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
},
{
"name": "CVE-2015-7749",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2010-1168",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
},
{
"name": "CVE-2009-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
},
{
"name": "CVE-2014-6450",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2008-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
},
{
"name": "CVE-2012-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2011-1081",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
},
{
"name": "CVE-2009-1632",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
},
{
"name": "CVE-2012-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
},
{
"name": "CVE-2015-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
},
{
"name": "CVE-2013-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-5195",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2014-6449",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2014-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
},
{
"name": "CVE-2012-6329",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
},
{
"name": "CVE-2014-4345",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
},
{
"name": "CVE-2008-5302",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
},
{
"name": "CVE-2013-6629",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
},
{
"name": "CVE-2014-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
},
{
"name": "CVE-2013-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
},
{
"name": "CVE-2012-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
},
{
"name": "CVE-2007-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2015-7752",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
},
{
"name": "CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"name": "CVE-2014-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
},
{
"name": "CVE-2014-0065",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
},
{
"name": "CVE-2007-4772",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
},
{
"name": "CVE-2013-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
},
{
"name": "CVE-2012-6151",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
},
{
"name": "CVE-2008-5303",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2011-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
},
{
"name": "CVE-2015-7748",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
},
{
"name": "CVE-2015-7750",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
},
{
"name": "CVE-2015-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2008-3834",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
},
{
"name": "CVE-2010-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
},
{
"name": "CVE-2014-0062",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
},
{
"name": "CVE-2011-1025",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
},
{
"name": "CVE-2014-6448",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2010-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
},
{
"name": "CVE-2009-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
},
{
"name": "CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"name": "CVE-2010-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
},
{
"name": "CVE-2010-4530",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
},
{
"name": "CVE-2011-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2014-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
},
{
"name": "CVE-1999-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
},
{
"name": "CVE-2010-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
},
{
"name": "CVE-2011-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
},
{
"name": "CVE-2009-1574",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
},
{
"name": "CVE-2009-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2012-2143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
},
{
"name": "CVE-2014-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
},
{
"name": "CVE-2010-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
}
],
"links": [],
"reference": "CERTFR-2015-AVI-431",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2014-6448 (GCVE-0-2014-6448)
Vulnerability from cvelistv5 – Published: 2020-01-15 18:01 – Updated: 2024-08-06 12:17
VLAI
EPSS
VEX
Summary
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
Date Public
2015-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:24.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T18:01:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6448",
"datePublished": "2020-01-15T18:01:00.000Z",
"dateReserved": "2014-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:17:24.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6449 (GCVE-0-2014-6449)
Vulnerability from cvelistv5 – Published: 2015-10-16 20:00 – Updated: 2024-08-06 12:17
VLAI
EPSS
VEX
Summary
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets "destined to the device."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1033853 | vdb-entryx_refsource_SECTRACK |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
Date Public
2015-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033853",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets \"destined to the device.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033853",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets \"destined to the device.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033853"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6449",
"datePublished": "2015-10-16T20:00:00.000Z",
"dateReserved": "2014-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:17:23.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6450 (GCVE-0-2014-6450)
Vulnerability from cvelistv5 – Published: 2015-10-16 20:00 – Updated: 2024-08-06 12:17
VLAI
EPSS
VEX
Summary
Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1033855 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:23.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699"
},
{
"name": "1033855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699"
},
{
"name": "1033855",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033855"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699"
},
{
"name": "1033855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033855"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6450",
"datePublished": "2015-10-16T20:00:00.000Z",
"dateReserved": "2014-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:17:23.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6451 (GCVE-0-2014-6451)
Vulnerability from cvelistv5 – Published: 2015-10-16 20:00 – Updated: 2024-08-06 12:17
VLAI
EPSS
VEX
Summary
J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1033857 | vdb-entryx_refsource_SECTRACK |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
Date Public
2015-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:17:24.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033857"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033857",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033857"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033857"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6451",
"datePublished": "2015-10-16T20:00:00.000Z",
"dateReserved": "2014-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:17:24.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8159 (GCVE-0-2014-8159)
Vulnerability from cvelistv5 – Published: 2015-03-16 10:00 – Updated: 2024-08-06 13:10
VLAI
EPSS
VEX
Summary
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0783.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2529-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2530-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2015-0695.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2561-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2015-0751.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2015-0803.html | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2015/dsa-3237 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-2528-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2527-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2015-0919.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2015-0782.html | vendor-advisoryx_refsource_REDHAT |
| http://www.ubuntu.com/usn/USN-2526-1 | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securitytracker.com/id/1032224 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/73060 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1181166 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2525-1 | vendor-advisoryx_refsource_UBUNTU |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-0870.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2015-0726.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2015-0674.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2015-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0783.html"
},
{
"name": "SUSE-SU-2015:1491",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
},
{
"name": "USN-2529-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2529-1"
},
{
"name": "USN-2530-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2530-1"
},
{
"name": "RHSA-2015:0695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"
},
{
"name": "SUSE-SU-2015:1489",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"name": "SUSE-SU-2015:1488",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
},
{
"name": "USN-2561-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2561-1"
},
{
"name": "RHSA-2015:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0751.html"
},
{
"name": "RHSA-2015:0803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html"
},
{
"name": "DSA-3237",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"name": "USN-2528-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2528-1"
},
{
"name": "USN-2527-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2527-1"
},
{
"name": "RHSA-2015:0919",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0919.html"
},
{
"name": "RHSA-2015:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html"
},
{
"name": "USN-2526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2526-1"
},
{
"name": "SUSE-SU-2015:1478",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "FEDORA-2015-4066",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html"
},
{
"name": "1032224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032224"
},
{
"name": "73060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73060"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181166"
},
{
"name": "USN-2525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2525-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "RHSA-2015:0870",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0870.html"
},
{
"name": "SUSE-SU-2015:1487",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
},
{
"name": "RHSA-2015:0726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0726.html"
},
{
"name": "RHSA-2015:0674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0783.html"
},
{
"name": "SUSE-SU-2015:1491",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
},
{
"name": "USN-2529-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2529-1"
},
{
"name": "USN-2530-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2530-1"
},
{
"name": "RHSA-2015:0695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"
},
{
"name": "SUSE-SU-2015:1489",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"name": "SUSE-SU-2015:1488",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
},
{
"name": "USN-2561-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2561-1"
},
{
"name": "RHSA-2015:0751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0751.html"
},
{
"name": "RHSA-2015:0803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html"
},
{
"name": "DSA-3237",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"name": "USN-2528-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2528-1"
},
{
"name": "USN-2527-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2527-1"
},
{
"name": "RHSA-2015:0919",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0919.html"
},
{
"name": "RHSA-2015:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html"
},
{
"name": "USN-2526-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2526-1"
},
{
"name": "SUSE-SU-2015:1478",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "FEDORA-2015-4066",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html"
},
{
"name": "1032224",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032224"
},
{
"name": "73060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73060"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181166"
},
{
"name": "USN-2525-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2525-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "RHSA-2015:0870",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0870.html"
},
{
"name": "SUSE-SU-2015:1487",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
},
{
"name": "RHSA-2015:0726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0726.html"
},
{
"name": "RHSA-2015:0674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8159",
"datePublished": "2015-03-16T10:00:00.000Z",
"dateReserved": "2014-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:10:50.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8867 (GCVE-0-2014-8867)
Vulnerability from cvelistv5 – Published: 2014-12-01 15:00 – Updated: 2024-08-06 13:26
VLAI
EPSS
VEX
Summary
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0783.html | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/201504-04 | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/62672 | third-party-advisoryx_refsource_SECUNIA |
| http://support.citrix.com/article/CTX201794 | x_refsource_CONFIRM |
| http://support.citrix.com/article/CTX200288 | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3140 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://xenbits.xenproject.org/xsa/advisory-112.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/59949 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/71331 | vdb-entryx_refsource_BID |
Date Public
2014-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0783.html"
},
{
"name": "GLSA-201504-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "62672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200288"
},
{
"name": "DSA-3140",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3140"
},
{
"name": "openSUSE-SU-2015:0226",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "openSUSE-SU-2015:0256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xenproject.org/xsa/advisory-112.html"
},
{
"name": "59949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59949"
},
{
"name": "71331",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The acceleration support for the \"REP MOVS\" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0783.html"
},
{
"name": "GLSA-201504-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "62672",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX201794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200288"
},
{
"name": "DSA-3140",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3140"
},
{
"name": "openSUSE-SU-2015:0226",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "openSUSE-SU-2015:0256",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xenproject.org/xsa/advisory-112.html"
},
{
"name": "59949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59949"
},
{
"name": "71331",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acceleration support for the \"REP MOVS\" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0783",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0783.html"
},
{
"name": "GLSA-201504-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "62672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62672"
},
{
"name": "http://support.citrix.com/article/CTX201794",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201794"
},
{
"name": "http://support.citrix.com/article/CTX200288",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200288"
},
{
"name": "DSA-3140",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3140"
},
{
"name": "openSUSE-SU-2015:0226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"name": "openSUSE-SU-2015:0256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name": "http://xenbits.xenproject.org/xsa/advisory-112.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xenproject.org/xsa/advisory-112.html"
},
{
"name": "59949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59949"
},
{
"name": "71331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8867",
"datePublished": "2014-12-01T15:00:00.000Z",
"dateReserved": "2014-11-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:26:02.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1158 (GCVE-0-2015-1158)
Vulnerability from cvelistv5 – Published: 2015-06-26 10:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
VEX
Summary
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1221641 | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3283 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2015-1123.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.opensuse.org/show_bug.cgi?id=924208 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2629-1 | vendor-advisoryx_refsource_UBUNTU |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032556 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.cups.org/blog.php?L1082 | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/810572 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/75098 | vdb-entryx_refsource_BID |
| https://github.com/0x00string/oldays/blob/master/… | x_refsource_MISC |
| https://www.cups.org/str.php?L4609 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201510-07 | vendor-advisoryx_refsource_GENTOO |
| https://code.google.com/p/google-security-researc… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.exploit-db.com/exploits/37336/ | exploitx_refsource_EXPLOIT-DB |
| http://googleprojectzero.blogspot.in/2015/06/owni… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/41233/ | exploitx_refsource_EXPLOIT-DB |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2015-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221641"
},
{
"name": "DSA-3283",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3283"
},
{
"name": "RHSA-2015:1123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
},
{
"name": "USN-2629-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2629-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702"
},
{
"name": "1032556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032556"
},
{
"name": "SUSE-SU-2015:1044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cups.org/blog.php?L1082"
},
{
"name": "VU#810572",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/810572"
},
{
"name": "75098",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cups.org/str.php?L4609"
},
{
"name": "GLSA-201510-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=455"
},
{
"name": "SUSE-SU-2015:1041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
},
{
"name": "37336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37336/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
},
{
"name": "41233",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41233/"
},
{
"name": "openSUSE-SU-2015:1056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221641"
},
{
"name": "DSA-3283",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3283"
},
{
"name": "RHSA-2015:1123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
},
{
"name": "USN-2629-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2629-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702"
},
{
"name": "1032556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032556"
},
{
"name": "SUSE-SU-2015:1044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cups.org/blog.php?L1082"
},
{
"name": "VU#810572",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/810572"
},
{
"name": "75098",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cups.org/str.php?L4609"
},
{
"name": "GLSA-201510-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=455"
},
{
"name": "SUSE-SU-2015:1041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
},
{
"name": "37336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37336/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
},
{
"name": "41233",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41233/"
},
{
"name": "openSUSE-SU-2015:1056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221641",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221641"
},
{
"name": "DSA-3283",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3283"
},
{
"name": "RHSA-2015:1123",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
},
{
"name": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208",
"refsource": "CONFIRM",
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
},
{
"name": "USN-2629-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2629-1"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702"
},
{
"name": "1032556",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032556"
},
{
"name": "SUSE-SU-2015:1044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
},
{
"name": "http://www.cups.org/blog.php?L1082",
"refsource": "CONFIRM",
"url": "http://www.cups.org/blog.php?L1082"
},
{
"name": "VU#810572",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/810572"
},
{
"name": "75098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75098"
},
{
"name": "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py",
"refsource": "MISC",
"url": "https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py"
},
{
"name": "https://www.cups.org/str.php?L4609",
"refsource": "CONFIRM",
"url": "https://www.cups.org/str.php?L4609"
},
{
"name": "GLSA-201510-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-07"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=455",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=455"
},
{
"name": "SUSE-SU-2015:1041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
},
{
"name": "37336",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37336/"
},
{
"name": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html",
"refsource": "MISC",
"url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
},
{
"name": "41233",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41233/"
},
{
"name": "openSUSE-SU-2015:1056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1158",
"datePublished": "2015-06-26T10:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1159 (GCVE-0-2015-1159)
Vulnerability from cvelistv5 – Published: 2015-06-26 10:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2015/dsa-3283 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2015-1123.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.opensuse.org/show_bug.cgi?id=924208 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2629-1 | vendor-advisoryx_refsource_UBUNTU |
| http://kb.juniper.net/InfoCenter/index?page=conte… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032556 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.cups.org/blog.php?L1082 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1221642 | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/810572 | third-party-advisoryx_refsource_CERT-VN |
| https://www.cups.org/str.php?L4609 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75106 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201510-07 | vendor-advisoryx_refsource_GENTOO |
| https://code.google.com/p/google-security-researc… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://googleprojectzero.blogspot.in/2015/06/owni… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2015-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3283",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3283"
},
{
"name": "RHSA-2015:1123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
},
{
"name": "USN-2629-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2629-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702"
},
{
"name": "1032556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032556"
},
{
"name": "SUSE-SU-2015:1044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cups.org/blog.php?L1082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221642"
},
{
"name": "VU#810572",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/810572"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cups.org/str.php?L4609"
},
{
"name": "75106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75106"
},
{
"name": "GLSA-201510-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=455"
},
{
"name": "SUSE-SU-2015:1041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
},
{
"name": "openSUSE-SU-2015:1056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "DSA-3283",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3283"
},
{
"name": "RHSA-2015:1123",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
},
{
"name": "USN-2629-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2629-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702"
},
{
"name": "1032556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032556"
},
{
"name": "SUSE-SU-2015:1044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cups.org/blog.php?L1082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221642"
},
{
"name": "VU#810572",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/810572"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cups.org/str.php?L4609"
},
{
"name": "75106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75106"
},
{
"name": "GLSA-201510-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=455"
},
{
"name": "SUSE-SU-2015:1041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
},
{
"name": "openSUSE-SU-2015:1056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3283",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3283"
},
{
"name": "RHSA-2015:1123",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1123.html"
},
{
"name": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208",
"refsource": "CONFIRM",
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=924208"
},
{
"name": "USN-2629-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2629-1"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702"
},
{
"name": "1032556",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032556"
},
{
"name": "SUSE-SU-2015:1044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html"
},
{
"name": "http://www.cups.org/blog.php?L1082",
"refsource": "CONFIRM",
"url": "http://www.cups.org/blog.php?L1082"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221642",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221642"
},
{
"name": "VU#810572",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/810572"
},
{
"name": "https://www.cups.org/str.php?L4609",
"refsource": "CONFIRM",
"url": "https://www.cups.org/str.php?L4609"
},
{
"name": "75106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75106"
},
{
"name": "GLSA-201510-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-07"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=455",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=455"
},
{
"name": "SUSE-SU-2015:1041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html"
},
{
"name": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html",
"refsource": "MISC",
"url": "http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html"
},
{
"name": "openSUSE-SU-2015:1056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1159",
"datePublished": "2015-06-26T10:00:00.000Z",
"dateReserved": "2015-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1788 (GCVE-0-2015-1788)
Vulnerability from cvelistv5 – Published: 2015-06-12 00:00 – Updated: 2024-08-06 04:54
VLAI
EPSS
VEX
Summary
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
46 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143880121627664&w=2 | vendor-advisory |
| http://www.debian.org/security/2015/dsa-3287 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://fortiguard.com/advisory/openssl-vulnerabil… | |
| http://marc.info/?l=bugtraq&m=144050155601375&w=2 | vendor-advisory |
| http://www.securityfocus.com/bid/75158 | vdb-entry |
| https://openssl.org/news/secadv/20150611.txt | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.securitytracker.com/id/1032564 | vdb-entry |
| http://www-304.ibm.com/support/docview.wss?uid=sw… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.fortiguard.com/advisory/2015-06-11-for… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://github.com/openssl/openssl/commit/4924b37… | |
| http://fortiguard.com/advisory/2015-07-09-cve-201… | |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2639-1 | vendor-advisory |
| http://www.fortiguard.com/advisory/openssl-vulner… | |
| https://security.gentoo.org/glsa/201506-02 | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| https://support.apple.com/kb/HT205031 | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://support.citrix.com/article/CTX216642 | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://bto.bluecoat.com/security-advisory/sa98 | |
| http://ftp.netbsd.org/pub/NetBSD/security/advisor… | vendor-advisory |
| https://www.openssl.org/news/secadv_20150611.txt | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2015-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"tags": [
"x_transferred"
],
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "75158",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75158"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1032564",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032564"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
},
{
"tags": [
"x_transferred"
],
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2639-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"name": "75158",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/75158"
},
{
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1032564",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032564"
},
{
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
},
{
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2639-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"url": "https://support.apple.com/kb/HT205031"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1788",
"datePublished": "2015-06-12T00:00:00.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1789 (GCVE-0-2015-1789)
Vulnerability from cvelistv5 – Published: 2015-06-12 00:00 – Updated: 2024-08-06 04:54
VLAI
EPSS
VEX
Summary
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
55 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://marc.info/?l=bugtraq&m=143880121627664&w=2 | vendor-advisory |
| http://www.debian.org/security/2015/dsa-3287 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://github.com/openssl/openssl/commit/f48b83b… | |
| http://fortiguard.com/advisory/openssl-vulnerabil… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://marc.info/?l=bugtraq&m=144050155601375&w=2 | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| https://openssl.org/news/secadv/20150611.txt | |
| http://rhn.redhat.com/errata/RHSA-2015-1115.html | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://rhn.redhat.com/errata/RHSA-2015-1197.html | vendor-advisory |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.securitytracker.com/id/1032564 | vdb-entry |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.fortiguard.com/advisory/2015-06-11-for… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2639-1 | vendor-advisory |
| http://www.fortiguard.com/advisory/openssl-vulner… | |
| https://security.gentoo.org/glsa/201506-02 | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://www.securityfocus.com/bid/75156 | vdb-entry |
| https://support.apple.com/kb/HT205031 | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://support.citrix.com/article/CTX216642 | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://bto.bluecoat.com/security-advisory/sa98 | |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| http://ftp.netbsd.org/pub/NetBSD/security/advisor… | vendor-advisory |
| https://www.openssl.org/news/secadv_20150611.txt | |
| http://marc.info/?l=bugtraq&m=143654156615516&w=2 | vendor-advisory |
| https://www.arista.com/en/support/advisories-noti… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public
2015-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"name": "SUSE-SU-2015:1183",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
},
{
"tags": [
"x_transferred"
],
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"name": "RHSA-2015:1115",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "RHSA-2015:1197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1032564",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032564"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"name": "FEDORA-2015-10108",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2639-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"name": "FEDORA-2015-10047",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
},
{
"name": "75156",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75156"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"name": "HPSBGN03371",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2015:1184",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"name": "SSRT102180",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"name": "DSA-3287",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"name": "SUSE-SU-2015:1150",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"name": "SUSE-SU-2015:1183",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
},
{
"url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
},
{
"name": "HPSBMU03409",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
},
{
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"name": "RHSA-2015:1115",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "RHSA-2015:1197",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "SUSE-SU-2015:1182",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "SUSE-SU-2015:1143",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "1032564",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1032564"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
},
{
"name": "FEDORA-2015-10108",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
},
{
"name": "openSUSE-SU-2015:1277",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "SUSE-SU-2015:1181",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2639-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2639-1"
},
{
"url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
},
{
"name": "GLSA-201506-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "HPSBUX03388",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"name": "FEDORA-2015-10047",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
},
{
"name": "75156",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/75156"
},
{
"url": "https://support.apple.com/kb/HT205031"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "SUSE-SU-2015:1185",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694"
},
{
"name": "openSUSE-SU-2015:1139",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10733"
},
{
"name": "NetBSD-SA2015-008",
"tags": [
"vendor-advisory"
],
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"name": "HPSBGN03371",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1789",
"datePublished": "2015-06-12T00:00:00.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…