Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-153
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco WebEx Meetings Server version 2.6 | ||
| Cisco | N/A | Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0 | ||
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1 | ||
| Cisco | N/A | Cisco APIC-EM version 1.0(1) | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7 | ||
| Cisco | N/A | Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7 | ||
| Cisco | N/A | Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation) | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6 | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7 | ||
| Cisco | N/A | Cisco Information Server version 6.2 | ||
| Cisco | N/A | Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4 | ||
| Cisco | N/A | Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco WebEx Meetings Server version 2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC-EM version 1.0(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Information Server version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
},
{
"name": "CVE-2016-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2016-1550",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
},
{
"name": "CVE-2016-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
},
{
"name": "CVE-2016-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2016-1368",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2016-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2016-1373",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
},
{
"name": "CVE-2016-1392",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
},
{
"name": "CVE-2016-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
},
{
"name": "CVE-2016-1369",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
},
{
"name": "CVE-2015-7704",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
},
{
"name": "CVE-2016-2517",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
},
{
"name": "CVE-2016-1389",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
},
{
"name": "CVE-2016-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
}
],
"reference": "CERTFR-2016-AVI-153",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-05-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
"url": null
}
]
}
CVE-2016-1548 (GCVE-0-2016-1548)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:02
VLAI?
EPSS
Summary
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
34 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-3096-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2016:1141 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/88264 | vdb-entryx_refsource_BID |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://rhn.redhat.com/errata/RHSA-2016-1552.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://packetstormsecurity.com/files/136864/Slack… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/archive/1/538233/100… | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/archive/1/archive/1/… | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 | x_refsource_MISC |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NTP Project | NTP |
Affected:
4.2.8p4
|
|
| NTPsec Project | NTPSec |
Affected:
aa48d001683e5b791a743ec9c575aaf7d867a2b0c
|
Date Public ?
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "88264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88264"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:22:11.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "88264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88264"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0082/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "88264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88264"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1548",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1343 (GCVE-0-2016-1343)
Vulnerability from cvelistv5 – Published: 2016-04-30 10:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public ?
2016-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-30T01:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160428 Cisco Information Server XML Parser Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1343",
"datePublished": "2016-04-30T10:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1369 (GCVE-0-2016-1369)
Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1035743 | vdb-entryx_refsource_SECTRACK |
Date Public ?
2016-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160504 Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
},
{
"name": "1035743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160504 Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
},
{
"name": "1035743",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource consumption, and inspection outage or module outage) via a flood of crafted IP traffic, aka Bug ID CSCux19922."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160504 Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
},
{
"name": "1035743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1369",
"datePublished": "2016-05-05T21:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1368 (GCVE-0-2016-1368)
Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public ?
2016-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160504 Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-05T21:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160504 Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160504 Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1368",
"datePublished": "2016-05-05T21:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2105 (GCVE-0-2016-2105)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
61 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.slackware.com/security/viewer.php?l=sl… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2056.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2073.html | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.securityfocus.com/bid/89757 | vdb-entry |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.debian.org/security/2016/dsa-3566 | vendor-advisory |
| http://www.oracle.com/technetwork/topics/security… | |
| http://packetstormsecurity.com/files/136912/Slack… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://security.gentoo.org/glsa/201612-16 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1035721 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-1648.html | vendor-advisory |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| https://source.android.com/security/bulletin/pixe… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://www.tenable.com/security/tns-2016-18 | |
| http://rhn.redhat.com/errata/RHSA-2016-1649.html | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-0996.html | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2016050… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-1650.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2959-1 | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://rhn.redhat.com/errata/RHSA-2016-0722.html | vendor-advisory |
| https://www.freebsd.org/security/advisories/FreeB… | vendor-advisory |
| https://www.openssl.org/news/secadv/20160503.txt | |
| https://support.apple.com/HT206903 | |
| https://bto.bluecoat.com/security-advisory/sa123 | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"name": "89757",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89757"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "RHSA-2016:1648",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "RHSA-2016:1649",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1650",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"name": "89757",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/89757"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "RHSA-2016:1648",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1566",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "RHSA-2016:1649",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1650",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2105",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1551 (GCVE-0-2016-1551)
Vulnerability from cvelistv5 – Published: 2017-01-27 17:00 – Updated: 2024-08-05 23:02
VLAI?
EPSS
Summary
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/88219 | vdb-entryx_refsource_BID |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NTP Project | NTP |
Affected:
4.2.8p3
Affected: 4.2.8p4 |
|
| NTPsec Project | NTPSec |
Affected:
3e160db8dc248a0bcb053b56a80167dc742d2b74
Affected: a5fb34b9cc89b92a8fef2f459004865c93bb7f92 |
Date Public ?
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "88219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "88219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "88219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88219"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0132/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1551",
"datePublished": "2017-01-27T17:00:00.000Z",
"dateReserved": "2016-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:12.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2109 (GCVE-0-2016-2109)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
55 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.slackware.com/security/viewer.php?l=sl… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2056.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2073.html | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.debian.org/security/2016/dsa-3566 | vendor-advisory |
| http://www.oracle.com/technetwork/topics/security… | |
| http://packetstormsecurity.com/files/136912/Slack… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://source.android.com/security/bulletin/2017-07-01 | |
| https://security.gentoo.org/glsa/201612-16 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1035721 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://www.tenable.com/security/tns-2016-18 | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://kb.pulsesecure.net/articles/Pulse_Securit… | |
| http://rhn.redhat.com/errata/RHSA-2016-0996.html | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2016050… | |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2959-1 | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.securityfocus.com/bid/87940 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-0722.html | vendor-advisory |
| https://www.freebsd.org/security/advisories/FreeB… | vendor-advisory |
| https://www.openssl.org/news/secadv/20160503.txt | |
| https://support.apple.com/HT206903 | |
| https://bto.bluecoat.com/security-advisory/sa123 | |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "87940",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/87940"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "87940",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/87940"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2109",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2516 (GCVE-0-2016-2516)
Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-05 23:32
VLAI?
EPSS
Summary
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/88180 | vdb-entryx_refsource_BID |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| http://support.ntp.org/bin/view/Main/NtpBug3011 | x_refsource_CONFIRM |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
Date Public ?
2016-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "88180",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88180"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "88180",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88180"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "88180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88180"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3011",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2516",
"datePublished": "2017-01-30T21:00:00.000Z",
"dateReserved": "2016-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:20.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1373 (GCVE-0-2016-1373)
Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035756 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public ?
2016-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035756",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035756",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1373",
"datePublished": "2016-05-05T21:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2519 (GCVE-0-2016-2519)
Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-05 23:32
VLAI?
EPSS
Summary
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://support.ntp.org/bin/view/Main/NtpBug3008 | x_refsource_CONFIRM |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| http://www.securityfocus.com/bid/88204 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
Date Public ?
2016-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3008",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2519",
"datePublished": "2017-01-30T21:00:00.000Z",
"dateReserved": "2016-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:20.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1387 (GCVE-0-2016-1387)
Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1035744 | vdb-entryx_refsource_SECTRACK |
Date Public ?
2016-05-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160504 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
},
{
"name": "1035744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160504 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
},
{
"name": "1035744",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160504 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
},
{
"name": "1035744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1387",
"datePublished": "2016-05-05T21:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1386 (GCVE-0-2016-1386)
Vulnerability from cvelistv5 – Published: 2016-04-28 22:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035702 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public ?
2016-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035702"
},
{
"name": "20160428 Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035702",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035702"
},
{
"name": "20160428 Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035702"
},
{
"name": "20160428 Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1386",
"datePublished": "2016-04-28T22:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2518 (GCVE-0-2016-2518)
Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-05 23:32
VLAI?
EPSS
Summary
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-3096-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://support.ntp.org/bin/view/Main/NtpBug3009 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2016:1141 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://rhn.redhat.com/errata/RHSA-2016-1552.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| http://support.ntp.org/bin/view/Main/SecurityNoti… | x_refsource_CONFIRM |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/88226 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://packetstormsecurity.com/files/136864/Slack… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/archive/1/538233/100… | mailing-listx_refsource_BUGTRAQ |
| https://support.f5.com/csp/article/K20804323 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/archive/1/archive/1/… | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 | x_refsource_MISC |
Date Public ?
2016-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "88226",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88226"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T12:19:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "88226",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88226"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3009",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "88226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88226"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "https://support.f5.com/csp/article/K20804323",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2518",
"datePublished": "2017-01-30T21:00:00.000Z",
"dateReserved": "2016-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:20.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1550 (GCVE-0-2016-1550)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:02
VLAI?
EPSS
Summary
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
34 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-3096-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2016:1141 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://rhn.redhat.com/errata/RHSA-2016-1552.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| http://www.securityfocus.com/bid/88261 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://packetstormsecurity.com/files/136864/Slack… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/538233/100… | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/archive/1/archive/1/… | mailing-listx_refsource_BUGTRAQ |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 | x_refsource_MISC |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NTP Project | NTP |
Affected:
4.2.8p3
Affected: 4.2.8p4 |
|
| NTPsec Project | NTPSec |
Affected:
a5fb34b9cc89b92a8fef2f459004865c93bb7f92
|
Date Public ?
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88261"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:25:28.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88261"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0084/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88261"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1550",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8138 (GCVE-0-2015-8138)
Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-06 08:13
VLAI?
EPSS
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
32 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.ubuntu.com/usn/USN-3096-1 | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1034782 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2016-0063.html | vendor-advisoryx_refsource_REDHAT |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017103… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| http://support.ntp.org/bin/view/Main/SecurityNoti… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/81811 | vdb-entryx_refsource_BID |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://bto.bluecoat.com/security-advisory/sa113 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Date Public ?
2016-01-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:0063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "81811",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81811"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:23:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:0063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "81811",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81811"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:0063",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "81811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81811"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8138",
"datePublished": "2017-01-30T21:00:00.000Z",
"dateReserved": "2015-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:13:31.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2107 (GCVE-0-2016-2107)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
58 references
| URL | Tags |
|---|---|
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.slackware.com/security/viewer.php?l=sl… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://rhn.redhat.com/errata/RHSA-2016-2073.html | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.debian.org/security/2016/dsa-3566 | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://packetstormsecurity.com/files/136912/Slack… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://security.gentoo.org/glsa/201612-16 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.securitytracker.com/id/1035721 | vdb-entry |
| http://support.citrix.com/article/CTX212736 | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| https://blog.cloudflare.com/yet-another-padding-o… | |
| https://www.tenable.com/security/tns-2016-18 | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://source.android.com/security/bulletin/2016-… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://kb.pulsesecure.net/articles/Pulse_Securit… | |
| http://rhn.redhat.com/errata/RHSA-2016-0996.html | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://security.netapp.com/advisory/ntap-2016050… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| http://www.securityfocus.com/bid/89760 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2959-1 | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://web-in-security.blogspot.ca/2016/05/curiou… | |
| http://rhn.redhat.com/errata/RHSA-2016-0722.html | vendor-advisory |
| https://www.freebsd.org/security/advisories/FreeB… | vendor-advisory |
| https://www.openssl.org/news/secadv/20160503.txt | |
| https://support.apple.com/HT206903 | |
| https://bto.bluecoat.com/security-advisory/sa123 | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| https://www.exploit-db.com/exploits/39768/ | exploit |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "openSUSE-SU-2016:1566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "89760",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89760"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"name": "39768",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39768/"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03728en_us"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "openSUSE-SU-2016:1566",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"url": "https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "89760",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/89760"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url": "http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"name": "39768",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/39768/"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2107",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2108 (GCVE-0-2016-2108)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
59 references
| URL | Tags |
|---|---|
| http://www.slackware.com/security/viewer.php?l=sl… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2056.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2073.html | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.debian.org/security/2016/dsa-3566 | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://packetstormsecurity.com/files/136912/Slack… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://security.gentoo.org/glsa/201612-16 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1035721 | vdb-entry |
| http://support.citrix.com/article/CTX212736 | |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://www.tenable.com/security/tns-2016-18 | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2017:0194 | vendor-advisory |
| http://source.android.com/security/bulletin/2016-… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| https://access.redhat.com/errata/RHSA-2017:0193 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://kb.pulsesecure.net/articles/Pulse_Securit… | |
| http://rhn.redhat.com/errata/RHSA-2016-0996.html | vendor-advisory |
| https://security-center.intel.com/advisory.aspx?i… | |
| https://security.netapp.com/advisory/ntap-2016050… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2959-1 | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://rhn.redhat.com/errata/RHSA-2016-0722.html | vendor-advisory |
| https://www.openssl.org/news/secadv/20160503.txt | |
| https://support.apple.com/HT206903 | |
| https://bto.bluecoat.com/security-advisory/sa123 | |
| http://www.securityfocus.com/bid/89752 | vdb-entry |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2016:1137 | vendor-advisory |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "RHSA-2017:0194",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0194"
},
{
"tags": [
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
},
{
"name": "RHSA-2017:0193",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0193"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "89752",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89752"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"name": "RHSA-2016:1137",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1137"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03726en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"url": "http://support.citrix.com/article/CTX212736"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3661bb4e7934668bd99ca777ea8b30eedfafa871"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "RHSA-2017:0194",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0194"
},
{
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804"
},
{
"name": "RHSA-2017:0193",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0193"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067\u0026languageid=en-fr"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "89752",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/89752"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"name": "RHSA-2016:1137",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1137"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2108",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1547 (GCVE-0-2016-1547)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:02
VLAI?
EPSS
Summary
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
15 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/88276 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2016/dsa-3629 | vendor-advisoryx_refsource_DEBIAN |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2016:1141 | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-1552.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NTP Project | NTP |
Affected:
4.2.8p3
Affected: 4.2.8p4 |
|
| NTPsec Project | NTPSec |
Affected:
a5fb34b9cc89b92a8fef2f459004865c93bb7f92
|
Date Public ?
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "88276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88276"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:24:21.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "88276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88276"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "88276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88276"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0081/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1547",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2517 (GCVE-0-2016-2517)
Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-05 23:32
VLAI?
EPSS
Summary
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://support.ntp.org/bin/view/Main/NtpBug3010 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/88189 | vdb-entryx_refsource_BID |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
Date Public ?
2016-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"name": "88189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88189"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"name": "88189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88189"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3010",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"name": "88189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88189"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2517",
"datePublished": "2017-01-30T21:00:00.000Z",
"dateReserved": "2016-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:20.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1389 (GCVE-0-2016-1389)
Vulnerability from cvelistv5 – Published: 2016-04-28 22:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1035703 | vdb-entryx_refsource_SECTRACK |
Date Public ?
2016-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160428 Cisco WebEx Meetings Server Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
},
{
"name": "1035703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T20:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160428 Cisco WebEx Meetings Server Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
},
{
"name": "1035703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160428 Cisco WebEx Meetings Server Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
},
{
"name": "1035703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1389",
"datePublished": "2016-04-28T22:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1549 (GCVE-0-2016-1549)
Vulnerability from cvelistv5 – Published: 2017-01-06 21:00 – Updated: 2024-08-05 23:02
VLAI?
EPSS
Summary
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
Severity ?
No CVSS data available.
CWE
- unspecified
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.talosintelligence.com/reports/TALOS-20… | x_refsource_MISC |
| http://www.securityfocus.com/bid/88200 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1035705 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| https://security.FreeBSD.org/advisories/FreeBSD-S… | vendor-advisoryx_refsource_FREEBSD |
| https://www.synology.com/support/security/Synolog… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NTP Project | NTP |
Affected:
4.2.8p3
Affected: 4.2.8p4 |
|
| NTPsec Project | NTPSec |
Affected:
3e160db8dc248a0bcb053b56a80167dc742d2b74
Affected: a5fb34b9cc89b92a8fef2f459004865c93bb7f92 |
Date Public ?
2016-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"name": "88200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88200"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:28.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"name": "88200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88200"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0083/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"name": "88200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88200"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1549",
"datePublished": "2017-01-06T21:00:00.000Z",
"dateReserved": "2016-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:12.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2106 (GCVE-0-2016-2106)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
61 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://www.slackware.com/security/viewer.php?l=sl… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2056.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2073.html | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.debian.org/security/2016/dsa-3566 | vendor-advisory |
| http://www.oracle.com/technetwork/topics/security… | |
| http://packetstormsecurity.com/files/136912/Slack… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://security.gentoo.org/glsa/201612-16 | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securitytracker.com/id/1035721 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-1648.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| https://source.android.com/security/bulletin/pixe… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.securityfocus.com/bid/89744 | vdb-entry |
| https://www.tenable.com/security/tns-2016-18 | |
| http://rhn.redhat.com/errata/RHSA-2016-1649.html | vendor-advisory |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| https://kb.pulsesecure.net/articles/Pulse_Securit… | |
| http://rhn.redhat.com/errata/RHSA-2016-0996.html | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2016050… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| http://rhn.redhat.com/errata/RHSA-2016-1650.html | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | vendor-advisory |
| http://www.ubuntu.com/usn/USN-2959-1 | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| http://rhn.redhat.com/errata/RHSA-2016-0722.html | vendor-advisory |
| https://www.freebsd.org/security/advisories/FreeB… | vendor-advisory |
| https://www.openssl.org/news/secadv/20160503.txt | |
| https://support.apple.com/HT206903 | |
| https://bto.bluecoat.com/security-advisory/sa123 | |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory |
| http://kb.juniper.net/InfoCenter/index?page=conte… | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "RHSA-2016:1648",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"name": "89744",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89744"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "RHSA-2016:1649",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1650",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "RHSA-2016:1648",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1648.html"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3f3582139fbb259a1c3cbb0a25236500a409bf26"
},
{
"name": "FEDORA-2016-1e39d934ed",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "FEDORA-2016-1411324654",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"name": "89744",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/89744"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "RHSA-2016:1649",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1649.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1650",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1650.html"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"name": "FEDORA-2016-05c567df1a",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2106",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7704 (GCVE-0-2015-7704)
Vulnerability from cvelistv5 – Published: 2017-08-07 20:00 – Updated: 2024-08-06 07:58
VLAI?
EPSS
Summary
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1271070 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-1930.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/77280 | vdb-entryx_refsource_BID |
| https://www.kb.cert.org/vuls/id/718152 | third-party-advisoryx_refsource_CERT-VN |
| http://bugs.ntp.org/show_bug.cgi?id=2901 | x_refsource_CONFIRM |
| https://support.citrix.com/article/CTX220112 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1033951 | vdb-entryx_refsource_SECTRACK |
| http://support.ntp.org/bin/view/Main/SecurityNoti… | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3388 | vendor-advisoryx_refsource_DEBIAN |
| https://www.cs.bu.edu/~goldbe/NTPattack.html | x_refsource_MISC |
| https://eprint.iacr.org/2015/1020.pdf | x_refsource_MISC |
| https://h20566.www2.hpe.com/portal/site/hpsc/publ… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-2520.html | vendor-advisoryx_refsource_REDHAT |
| http://support.ntp.org/bin/view/Main/NtpBug2901 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201607-15 | vendor-advisoryx_refsource_GENTOO |
| https://security.netapp.com/advisory/ntap-2017100… | x_refsource_CONFIRM |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
Date Public ?
2015-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"name": "RHSA-2015:1930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "77280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77280"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "RHSA-2015:2520",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:55:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"name": "RHSA-2015:1930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "77280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77280"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "RHSA-2015:2520",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"name": "RHSA-2015:1930",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "77280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77280"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2901",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"name": "https://support.citrix.com/article/CTX220112",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
"refsource": "MISC",
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "https://eprint.iacr.org/2015/1020.pdf",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "RHSA-2015:2520",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2901",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7704",
"datePublished": "2017-08-07T20:00:00.000Z",
"dateReserved": "2015-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2176 (GCVE-0-2016-2176)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
23 references
| URL | Tags |
|---|---|
| http://www.slackware.com/security/viewer.php?l=sl… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| https://git.openssl.org/?p=openssl.git%3Ba=commit… | |
| http://packetstormsecurity.com/files/136912/Slack… | |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://kc.mcafee.com/corporate/index?page=conten… | |
| https://security.gentoo.org/glsa/201612-16 | vendor-advisory |
| http://www.securitytracker.com/id/1035721 | vdb-entry |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisory |
| http://www.oracle.com/technetwork/security-adviso… | |
| https://h20566.www2.hpe.com/hpsc/doc/public/displ… | |
| http://www.oracle.com/technetwork/topics/security… | |
| http://www.securityfocus.com/bid/89746 | vdb-entry |
| http://lists.apple.com/archives/security-announce… | vendor-advisory |
| https://www.tenable.com/security/tns-2016-18 | |
| https://kb.pulsesecure.net/articles/Pulse_Securit… | |
| https://security.netapp.com/advisory/ntap-2016050… | |
| http://www.securityfocus.com/bid/91787 | vdb-entry |
| https://www.openssl.org/news/secadv/20160503.txt | |
| https://support.apple.com/HT206903 | |
| https://bto.bluecoat.com/security-advisory/sa123 | |
| https://cert-portal.siemens.com/productcert/pdf/s… |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "89746",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/89746"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "89746",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/89746"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2176",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1392 (GCVE-0-2016-1392)
Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035736 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
Date Public ?
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035736"
},
{
"name": "20160503 Cisco Prime Collaboration Assurance Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035736"
},
{
"name": "20160503 Cisco Prime Collaboration Assurance Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035736"
},
{
"name": "20160503 Cisco Prime Collaboration Assurance Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1392",
"datePublished": "2016-05-05T21:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…