Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-618
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security (SNS) versions antérieures à 4.1.1. Cette version est la seule qui corrige toutes les vulnérabilités mentionnées dans les avis Stormshield dont les liens sont présentés ici. Nous invitons nos lecteurs à faire leur propre analyse de risque quant au choix de la version qui correspond le mieux à leurs besoins. | ||
| Stormshield | N/A | Netasq versions 9.x |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security (SNS) versions ant\u00e9rieures \u00e0 4.1.1. Cette version est la seule qui corrige toutes les vuln\u00e9rabilit\u00e9s mentionn\u00e9es dans les avis Stormshield dont les liens sont pr\u00e9sent\u00e9s ici. Nous invitons nos lecteurs \u00e0 faire leur propre analyse de risque quant au choix de la version qui correspond le mieux \u00e0 leurs besoins.",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11139"
},
{
"name": "CVE-2019-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0117"
},
{
"name": "CVE-2019-11157",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11157"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2016-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
},
{
"name": "CVE-2020-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11711"
},
{
"name": "CVE-2019-14607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14607"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-0184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0184"
},
{
"name": "CVE-2019-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0123"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-618",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-013 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2020-013/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-012 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2020-012/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2019-013 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2019-013/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2019-026 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2019-026/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-011 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2020-011/"
}
]
}
CVE-2019-0184 (GCVE-0-2019-0184)
Vulnerability from cvelistv5 – Published: 2019-11-14 19:09 – Updated: 2024-08-04 17:44
VLAI?
EPSS
Summary
Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) TXT |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K41556648?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) TXT",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T03:07:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K41556648?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) TXT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 Families; Intel(R) Xeon(R) E-2100 and E-2200 Processor Families with Intel(R) Processor Graphics and Intel(R) TXT may allow a privileged user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
},
{
"name": "https://support.f5.com/csp/article/K41556648?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K41556648?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0184",
"datePublished": "2019-11-14T19:09:12",
"dateReserved": "2018-11-13T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0549 (GCVE-0-2020-0549)
Vulnerability from cvelistv5 – Published: 2020-01-28 00:03 – Updated: 2024-08-04 06:02
VLAI?
EPSS
Summary
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel | Intel(R) Processors |
Affected:
see references
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:02:52.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0004/"
},
{
"name": "openSUSE-SU-2020:0791",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html"
},
{
"name": "DSA-4701",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4701"
},
{
"name": "[debian-lts-announce] 20200613 [SECURITY] [DLA 2248-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html"
},
{
"name": "USN-4385-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4385-1/"
},
{
"name": "FEDORA-2020-e8835a5f8e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/"
},
{
"name": "FEDORA-2020-11ddbfbdf0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Processors",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T07:06:12",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0004/"
},
{
"name": "openSUSE-SU-2020:0791",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html"
},
{
"name": "DSA-4701",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4701"
},
{
"name": "[debian-lts-announce] 20200613 [SECURITY] [DLA 2248-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html"
},
{
"name": "USN-4385-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4385-1/"
},
{
"name": "FEDORA-2020-e8835a5f8e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/"
},
{
"name": "FEDORA-2020-11ddbfbdf0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Processors",
"version": {
"version_data": [
{
"version_value": "see references"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200210-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200210-0004/"
},
{
"name": "openSUSE-SU-2020:0791",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html"
},
{
"name": "DSA-4701",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4701"
},
{
"name": "[debian-lts-announce] 20200613 [SECURITY] [DLA 2248-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html"
},
{
"name": "USN-4385-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4385-1/"
},
{
"name": "FEDORA-2020-e8835a5f8e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/"
},
{
"name": "FEDORA-2020-11ddbfbdf0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-0549",
"datePublished": "2020-01-28T00:03:16",
"dateReserved": "2019-10-28T00:00:00",
"dateUpdated": "2024-08-04T06:02:52.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11139 (GCVE-0-2019-11139)
Vulnerability from cvelistv5 – Published: 2019-11-14 18:18 – Updated: 2024-08-04 22:48
VLAI?
EPSS
Summary
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
},
{
"name": "openSUSE-SU-2019:2527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html"
},
{
"name": "openSUSE-SU-2019:2528",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03969en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42433061?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/28"
},
{
"name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T00:06:32",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
},
{
"name": "openSUSE-SU-2019:2527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html"
},
{
"name": "openSUSE-SU-2019:2528",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03969en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42433061?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/28"
},
{
"name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) Xeon(R) Scalable Processors Voltage Setting Modulation",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
},
{
"name": "openSUSE-SU-2019:2527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html"
},
{
"name": "openSUSE-SU-2019:2528",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03969en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03969en_us"
},
{
"name": "https://support.f5.com/csp/article/K42433061?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42433061?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "20191216 [SECURITY] [DSA 4565-2] intel-microcode security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/28"
},
{
"name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2051-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11139",
"datePublished": "2019-11-14T18:18:56",
"dateReserved": "2019-04-11T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14607 (GCVE-0-2019-14607)
Vulnerability from cvelistv5 – Published: 2019-12-16 19:10 – Updated: 2024-08-05 00:19
VLAI?
EPSS
Summary
Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege, Denial of Service, Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel® Processors |
Affected:
See References
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:19:41.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191217-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_42"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel\u00ae Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See References"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in multiple Intel\u00ae Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Denial of Service, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T03:06:05",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191217-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_42"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-14607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel\u00ae Processors",
"version": {
"version_data": [
{
"version_value": "See References"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper conditions check in multiple Intel\u00ae Processors may allow an authenticated user to potentially enable partial escalation of privilege, denial of service and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191217-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191217-0002/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_42",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_42"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-14607",
"datePublished": "2019-12-16T19:10:09",
"dateReserved": "2019-08-03T00:00:00",
"dateUpdated": "2024-08-05T00:19:41.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0548 (GCVE-0-2020-0548)
Vulnerability from cvelistv5 – Published: 2020-01-28 00:02 – Updated: 2024-08-04 06:02
VLAI?
EPSS
Summary
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel | Intel(R) Processors |
Affected:
see references
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:02:52.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0004/"
},
{
"name": "openSUSE-SU-2020:0791",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html"
},
{
"name": "DSA-4701",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4701"
},
{
"name": "[debian-lts-announce] 20200613 [SECURITY] [DLA 2248-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html"
},
{
"name": "USN-4385-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4385-1/"
},
{
"name": "FEDORA-2020-e8835a5f8e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/"
},
{
"name": "FEDORA-2020-11ddbfbdf0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Processors",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-26T02:06:08",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0004/"
},
{
"name": "openSUSE-SU-2020:0791",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html"
},
{
"name": "DSA-4701",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4701"
},
{
"name": "[debian-lts-announce] 20200613 [SECURITY] [DLA 2248-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html"
},
{
"name": "USN-4385-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4385-1/"
},
{
"name": "FEDORA-2020-e8835a5f8e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/"
},
{
"name": "FEDORA-2020-11ddbfbdf0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2020-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Processors",
"version": {
"version_data": [
{
"version_value": "see references"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200210-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200210-0004/"
},
{
"name": "openSUSE-SU-2020:0791",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html"
},
{
"name": "DSA-4701",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4701"
},
{
"name": "[debian-lts-announce] 20200613 [SECURITY] [DLA 2248-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html"
},
{
"name": "USN-4385-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4385-1/"
},
{
"name": "FEDORA-2020-e8835a5f8e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y/"
},
{
"name": "FEDORA-2020-11ddbfbdf0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2020-0548",
"datePublished": "2020-01-28T00:02:29",
"dateReserved": "2019-10-28T00:00:00",
"dateUpdated": "2024-08-04T06:02:52.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0117 (GCVE-0-2019-0117)
Vulnerability from cvelistv5 – Published: 2019-11-14 19:08 – Updated: 2024-08-04 17:44
VLAI?
EPSS
Summary
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) SGX with Intel(R) Processor Graphics Update |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K73837233?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) SGX with Intel(R) Processor Graphics Update",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 \u0026 E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T09:06:58",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K73837233?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) SGX with Intel(R) Processor Graphics Update",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 \u0026 E-2200 Processor Families with Intel(R) Processor Graphics may allow a privileged user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
},
{
"name": "https://support.f5.com/csp/article/K73837233?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K73837233?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0117",
"datePublished": "2019-11-14T19:08:20",
"dateReserved": "2018-11-13T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12207 (GCVE-0-2018-12207)
Vulnerability from cvelistv5 – Published: 2019-11-14 19:08 – Updated: 2024-08-05 08:30
VLAI?
EPSS
Summary
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) Processor Machine Check Error |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:58.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-376ec5c107",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "RHSA-2019:3916",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3916"
},
{
"name": "RHSA-2019:3936",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3936"
},
{
"name": "RHSA-2019:3941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3941"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "FEDORA-2019-cbb732f760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "openSUSE-SU-2019:2710",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html"
},
{
"name": "RHSA-2020:0026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0026"
},
{
"name": "RHSA-2020:0028",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0028"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K17269881?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) Processor Machine Check Error",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:57",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "FEDORA-2019-376ec5c107",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "RHSA-2019:3916",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3916"
},
{
"name": "RHSA-2019:3936",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3936"
},
{
"name": "RHSA-2019:3941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3941"
},
{
"name": "USN-4186-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "FEDORA-2019-cbb732f760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "openSUSE-SU-2019:2710",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html"
},
{
"name": "RHSA-2020:0026",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0026"
},
{
"name": "RHSA-2020:0028",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0028"
},
{
"name": "DSA-4602",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "GLSA-202003-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K17269881?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) Processor Machine Check Error",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-376ec5c107",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/"
},
{
"name": "RHSA-2019:3916",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3916"
},
{
"name": "RHSA-2019:3936",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3936"
},
{
"name": "RHSA-2019:3941",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3941"
},
{
"name": "USN-4186-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-2/"
},
{
"name": "FEDORA-2019-cbb732f760",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/"
},
{
"name": "openSUSE-SU-2019:2710",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html"
},
{
"name": "RHSA-2020:0026",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0026"
},
{
"name": "RHSA-2020:0028",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0028"
},
{
"name": "DSA-4602",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4602"
},
{
"name": "20200114 [SECURITY] [DSA 4602-1] xen security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/21"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
},
{
"name": "GLSA-202003-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-56"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
},
{
"name": "https://support.f5.com/csp/article/K17269881?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K17269881?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12207",
"datePublished": "2019-11-14T19:08:45",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:58.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11157 (GCVE-0-2019-11157)
Vulnerability from cvelistv5 – Published: 2019-12-16 19:12 – Updated: 2024-08-04 22:48
VLAI?
EPSS
Summary
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege, Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Affected:
See References
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191217-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K10321239?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See References"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T22:09:05",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191217-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K10321239?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Processors",
"version": {
"version_data": [
{
"version_value": "See References"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191217-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191217-0001/"
},
{
"name": "https://support.f5.com/csp/article/K10321239?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K10321239?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11157",
"datePublished": "2019-12-16T19:12:29",
"dateReserved": "2019-04-11T00:00:00",
"dateUpdated": "2024-08-04T22:48:08.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0123 (GCVE-0-2019-0123)
Vulnerability from cvelistv5 – Published: 2019-11-14 19:07 – Updated: 2024-08-04 17:44
VLAI?
EPSS
Summary
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) SGX and TXT |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K81556107?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) SGX and TXT",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T10:07:06",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K81556107?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) SGX and TXT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
},
{
"name": "https://support.f5.com/csp/article/K81556107?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K81556107?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0123",
"datePublished": "2019-11-14T19:07:45",
"dateReserved": "2018-11-13T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11711 (GCVE-0-2020-11711)
Vulnerability from cvelistv5 – Published: 2023-08-25 00:00 – Updated: 2024-10-02 18:12
VLAI?
EPSS
Summary
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.digitemis.com/category/blog/actualite/"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/_ACKNAK_"
},
{
"tags": [
"x_transferred"
],
"url": "https://advisories.stormshield.eu/2020-011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:11:43.071000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:12:05.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim\u0027s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-25T15:53:55.355471",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.digitemis.com/category/blog/actualite/"
},
{
"url": "https://twitter.com/_ACKNAK_"
},
{
"url": "https://advisories.stormshield.eu/2020-011/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11711",
"datePublished": "2023-08-25T00:00:00",
"dateReserved": "2020-04-12T00:00:00",
"dateUpdated": "2024-10-02T18:12:05.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8858 (GCVE-0-2016-8858)
Vulnerability from cvelistv5 – Published: 2016-12-09 00:00 – Updated: 2024-08-06 02:35
VLAI?
EPSS
Summary
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:01.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93776",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93776"
},
{
"name": "[oss-security] 20161020 Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/20/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180201-0001/"
},
{
"name": "[oss-security] 20161019 CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/19/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126\u0026r2=1.127\u0026f=h"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"
},
{
"name": "FreeBSD-SA-16:33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"
},
{
"name": "1037057",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037057"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860"
},
{
"tags": [
"x_transferred"
],
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127\u0026content-type=text/x-cvsweb-markup"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that \"OpenSSH upstream does not consider this as a security issue.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93776",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93776"
},
{
"name": "[oss-security] 20161020 Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/20/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20180201-0001/"
},
{
"name": "[oss-security] 20161019 CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/19/3"
},
{
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126\u0026r2=1.127\u0026f=h"
},
{
"url": "https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig"
},
{
"name": "FreeBSD-SA-16:33",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc"
},
{
"name": "1037057",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037057"
},
{
"name": "GLSA-201612-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-18"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384860"
},
{
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127\u0026content-type=text/x-cvsweb-markup"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8858",
"datePublished": "2016-12-09T00:00:00",
"dateReserved": "2016-10-19T00:00:00",
"dateUpdated": "2024-08-06T02:35:01.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…