Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-524
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | Safari | Safari versions antérieures à 12.0.1 | ||
| Apple | macOS | macOS Sierra versions antérieures à 10.12.6 | ||
| Apple | N/A | iOS versions antérieures à 12.1 | ||
| Apple | N/A | watchOS versions antérieures à 5.1 | ||
| Apple | macOS | macOS High Sierra versions antérieures à 10.13.6 | ||
| Apple | N/A | tvOS versions antérieures à 12.1 | ||
| Apple | N/A | iCloud for Windows versions antérieures à 7.8 | ||
| Apple | macOS | macOS Mojave versions antérieures à 10.14 | ||
| Apple | N/A | iTunes versions antérieures à 12.9.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Safari versions ant\u00e9rieures \u00e0 12.0.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud for Windows versions ant\u00e9rieures \u00e0 7.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Mojave versions ant\u00e9rieures \u00e0 10.14",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4310"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-4391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4391"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-4368",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4368"
},
{
"name": "CVE-2018-4395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4395"
},
{
"name": "CVE-2018-4425",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4425"
},
{
"name": "CVE-2018-4259",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4259"
},
{
"name": "CVE-2018-4400",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4400"
},
{
"name": "CVE-2018-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4415"
},
{
"name": "CVE-2018-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4427"
},
{
"name": "CVE-2018-4369",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4369"
},
{
"name": "CVE-2018-4396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4396"
},
{
"name": "CVE-2018-4291",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4291"
},
{
"name": "CVE-2017-12618",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12618"
},
{
"name": "CVE-2018-4374",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4374"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2018-4350",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4350"
},
{
"name": "CVE-2018-4386",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4386"
},
{
"name": "CVE-2018-4417",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4417"
},
{
"name": "CVE-2018-4331",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4331"
},
{
"name": "CVE-2018-4398",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4398"
},
{
"name": "CVE-2018-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4412"
},
{
"name": "CVE-2018-4420",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4420"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-4392",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4392"
},
{
"name": "CVE-2018-4409",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4409"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2018-4419",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4419"
},
{
"name": "CVE-2018-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4371"
},
{
"name": "CVE-2018-4348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4348"
},
{
"name": "CVE-2018-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4382"
},
{
"name": "CVE-2018-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4424"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2018-4288",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4288"
},
{
"name": "CVE-2018-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4203"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2018-4402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4402"
},
{
"name": "CVE-2018-4377",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4377"
},
{
"name": "CVE-2018-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4378"
},
{
"name": "CVE-2018-4341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4341"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-4426",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4426"
},
{
"name": "CVE-2018-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4367"
},
{
"name": "CVE-2018-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4399"
},
{
"name": "CVE-2018-4342",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4342"
},
{
"name": "CVE-2018-4389",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4389"
},
{
"name": "CVE-2018-4403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4403"
},
{
"name": "CVE-2018-4411",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4411"
},
{
"name": "CVE-2018-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4408"
},
{
"name": "CVE-2018-4375",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4375"
},
{
"name": "CVE-2018-4418",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4418"
},
{
"name": "CVE-2018-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4340"
},
{
"name": "CVE-2018-4394",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4394"
},
{
"name": "CVE-2018-4365",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4365"
},
{
"name": "CVE-2018-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6797"
},
{
"name": "CVE-2018-4308",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4308"
},
{
"name": "CVE-2018-4126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4126"
},
{
"name": "CVE-2018-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4376"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2018-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4286"
},
{
"name": "CVE-2018-4334",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4334"
},
{
"name": "CVE-2018-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4304"
},
{
"name": "CVE-2018-4393",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4393"
},
{
"name": "CVE-2018-4354",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4354"
},
{
"name": "CVE-2018-4406",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4406"
},
{
"name": "CVE-2018-4372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4372"
},
{
"name": "CVE-2018-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
},
{
"name": "CVE-2018-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4287"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2018-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4423"
},
{
"name": "CVE-2018-4385",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4385"
},
{
"name": "CVE-2018-4153",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4153"
},
{
"name": "CVE-2018-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
},
{
"name": "CVE-2018-4388",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4388"
},
{
"name": "CVE-2018-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4373"
},
{
"name": "CVE-2018-4295",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4295"
},
{
"name": "CVE-2018-4416",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4416"
},
{
"name": "CVE-2018-4366",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4366"
},
{
"name": "CVE-2018-4401",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4401"
},
{
"name": "CVE-2018-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4410"
},
{
"name": "CVE-2018-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4242"
},
{
"name": "CVE-2018-4384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4384"
},
{
"name": "CVE-2018-4422",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4422"
},
{
"name": "CVE-2018-4413",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4413"
},
{
"name": "CVE-2018-4407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4407"
},
{
"name": "CVE-2018-4346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4346"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-4387",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4387"
},
{
"name": "CVE-2018-4326",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4326"
},
{
"name": "CVE-2018-4390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4390"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209192 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209192"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209193 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209193"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209195 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209195"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209196 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209197 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209197"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209194 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209194"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT209198 du 30 octobre 2018",
"url": "https://support.apple.com/en-us/HT209198"
}
]
}
CVE-2017-0898 (GCVE-0-2017-0898)
Vulnerability from cvelistv5 – Published: 2017-09-15 19:00 – Updated: 2024-09-17 01:36
VLAI
EPSS
VEX
Summary
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
Severity
No CVSS data available.
CWE
- CWE-134 - Format String Vulnerability (CWE-134)
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3685-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://hackerone.com/reports/212241 | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2018:0585 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0378 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2017/dsa-4031 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/100862 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1039363 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2017:3485 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:0583 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/mruby/mruby/issues/3722 | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2017/09/14/spri… | x_refsource_MISC |
| https://security.gentoo.org/glsa/201710-18 | vendor-advisoryx_refsource_GENTOO |
Impacted products
Date Public
2017-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/212241"
},
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "DSA-4031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"name": "100862",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100862"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/issues/3722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ruby",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "Versions before 2.4.2, 2.3.5, and 2.2.8"
}
]
}
],
"datePublic": "2017-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "Format String Vulnerability (CWE-134)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/212241"
},
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "DSA-4031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"name": "100862",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100862"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/issues/3722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-09-15T00:00:00",
"ID": "CVE-2017-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "Versions before 2.4.2, 2.3.5, and 2.2.8"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Format String Vulnerability (CWE-134)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3685-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "https://hackerone.com/reports/212241",
"refsource": "MISC",
"url": "https://hackerone.com/reports/212241"
},
{
"name": "RHSA-2018:0585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "RHSA-2018:0378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "DSA-4031",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"name": "100862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100862"
},
{
"name": "1039363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "https://github.com/mruby/mruby/issues/3722",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/issues/3722"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/",
"refsource": "MISC",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
},
{
"name": "GLSA-201710-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0898",
"datePublished": "2017-09-15T19:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:36:46.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10784 (GCVE-0-2017-10784)
Vulnerability from cvelistv5 – Published: 2017-09-19 17:00 – Updated: 2024-08-05 17:50
VLAI
EPSS
VEX
Summary
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "USN-3528-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3528-1/"
},
{
"name": "100853",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "DSA-4031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "USN-3528-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3528-1/"
},
{
"name": "100853",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "DSA-4031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3685-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "RHSA-2018:0585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "USN-3528-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3528-1/"
},
{
"name": "100853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100853"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "DSA-4031",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
},
{
"name": "GLSA-201710-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10784",
"datePublished": "2017-09-19T17:00:00.000Z",
"dateReserved": "2017-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:11.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12613 (GCVE-0-2017-12613)
Vulnerability from cvelistv5 – Published: 2017-10-24 01:00 – Updated: 2024-08-05 18:43
VLAI
EPSS
VEX
Summary
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Portable Runtime |
Affected:
1.6.2 and prior
|
Date Public
2017-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
},
{
"name": "RHSA-2018:0316",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2017:3475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "RHSA-2018:0465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"name": "RHSA-2017:3270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3270"
},
{
"name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2017:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "RHSA-2018:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1253"
},
{
"name": "RHSA-2017:3477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "RHSA-2018:0466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "101560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101560"
},
{
"name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"
},
{
"name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"
},
{
"name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"
},
{
"name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
},
{
"name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"
},
{
"name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Portable Runtime",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.6.2 and prior"
}
]
}
],
"datePublic": "2017-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T01:06:07.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
},
{
"name": "RHSA-2018:0316",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2017:3475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "RHSA-2018:0465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"name": "RHSA-2017:3270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3270"
},
{
"name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2017:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "RHSA-2018:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1253"
},
{
"name": "RHSA-2017:3477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "RHSA-2018:0466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "101560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101560"
},
{
"name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"
},
{
"name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"
},
{
"name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"
},
{
"name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
},
{
"name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"
},
{
"name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-12613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Portable Runtime",
"version": {
"version_data": [
{
"version_value": "1.6.2 and prior"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"
},
{
"name": "RHSA-2018:0316",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0316"
},
{
"name": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2017:3475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3475"
},
{
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name": "http://www.apache.org/dist/apr/Announcement1.x.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/Announcement1.x.html"
},
{
"name": "RHSA-2017:3270",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3270"
},
{
"name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2017:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3476"
},
{
"name": "RHSA-2018:1253",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1253"
},
{
"name": "RHSA-2017:3477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3477"
},
{
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"name": "101560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101560"
},
{
"name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3Ccommits.apr.apache.org%3E"
},
{
"name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3Ccommits.apr.apache.org%3E"
},
{
"name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3Cdev.apr.apache.org%3E"
},
{
"name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/23/1"
},
{
"name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3Cannounce.apache.org%3E"
},
{
"name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8@%3Cdev.apr.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12613",
"datePublished": "2017-10-24T01:00:00.000Z",
"dateReserved": "2017-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12618 (GCVE-0-2017-12618)
Vulnerability from cvelistv5 – Published: 2017-10-24 01:00 – Updated: 2024-08-05 18:43
VLAI
EPSS
VEX
Summary
Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2017… | mailing-listx_refsource_MLIST |
| http://www.securitytracker.com/id/1042004 | vdb-entryx_refsource_SECTRACK |
| http://mail-archives.apache.org/mod_mbox/apr-dev/… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/101558 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Portable Runtime |
Affected:
1.6.0 and prior
|
Date Public
2017-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E"
},
{
"name": "101558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Portable Runtime",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.6.0 and prior"
}
]
}
],
"datePublic": "2017-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E"
},
{
"name": "101558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101558"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-12618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Portable Runtime",
"version": {
"version_data": [
{
"version_value": "1.6.0 and prior"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1163-1] apr-util security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E"
},
{
"name": "101558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101558"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12618",
"datePublished": "2017-10-24T01:00:00.000Z",
"dateReserved": "2017-08-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14033 (GCVE-0-2017-14033)
Vulnerability from cvelistv5 – Published: 2017-09-19 17:00 – Updated: 2024-08-05 19:13
VLAI
EPSS
VEX
Summary
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:0585 | vendor-advisoryx_refsource_REDHAT |
| https://www.ruby-lang.org/en/news/2017/09/14/ruby… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0378 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1042004 | vdb-entryx_refsource_SECTRACK |
| https://www.debian.org/security/2017/dsa-4031 | vendor-advisoryx_refsource_DEBIAN |
| https://www.ruby-lang.org/en/news/2017/09/14/ruby… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1039363 | vdb-entryx_refsource_SECTRACK |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:0583 | vendor-advisoryx_refsource_REDHAT |
| https://www.ruby-lang.org/en/news/2017/09/14/open… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100868 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201710-18 | vendor-advisoryx_refsource_GENTOO |
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "DSA-4031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
},
{
"name": "100868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100868"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "DSA-4031",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
},
{
"name": "100868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100868"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "DSA-4031",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4031"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
},
{
"name": "100868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100868"
},
{
"name": "GLSA-201710-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14033",
"datePublished": "2017-09-19T17:00:00.000Z",
"dateReserved": "2017-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:13:41.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14064 (GCVE-0-2017-14064)
Vulnerability from cvelistv5 – Published: 2017-08-31 17:00 – Updated: 2024-08-05 19:13
VLAI
EPSS
VEX
Summary
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "DSA-3966",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/209949"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ruby-lang.org/issues/13853"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85"
},
{
"name": "100890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100890"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a \u0027\\0\u0027 byte, returning a pointer to a string of length zero, which is not the length stored in space_len."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "DSA-3966",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/209949"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ruby-lang.org/issues/13853"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85"
},
{
"name": "100890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100890"
},
{
"name": "GLSA-201710-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201710-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a \u0027\\0\u0027 byte, returning a pointer to a string of length zero, which is not the length stored in space_len."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3685-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "RHSA-2018:0585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "DSA-3966",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3966"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-3-5-released/"
},
{
"name": "RHSA-2018:0378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "https://hackerone.com/reports/209949",
"refsource": "MISC",
"url": "https://hackerone.com/reports/209949"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-2-8-released/"
},
{
"name": "1039363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039363"
},
{
"name": "RHSA-2017:3485",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3485"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "https://bugs.ruby-lang.org/issues/13853",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/13853"
},
{
"name": "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85",
"refsource": "MISC",
"url": "https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85"
},
{
"name": "100890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100890"
},
{
"name": "GLSA-201710-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14064",
"datePublished": "2017-08-31T17:00:00.000Z",
"dateReserved": "2017-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:13:41.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17405 (GCVE-0-2017-17405)
Vulnerability from cvelistv5 – Published: 2017-12-15 09:00 – Updated: 2024-08-05 20:51
VLAI
EPSS
VEX
Summary
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2017-12-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "102204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102204"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
},
{
"name": "43381",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43381/"
},
{
"name": "RHSA-2018:0584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"
},
{
"name": "DSA-4259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"name": "RHSA-2019:2806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-19T09:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:0585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"
},
{
"name": "RHSA-2018:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "102204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102204"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
},
{
"name": "43381",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43381/"
},
{
"name": "RHSA-2018:0584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"
},
{
"name": "DSA-4259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"name": "RHSA-2019:2806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0585",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0585"
},
{
"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html"
},
{
"name": "RHSA-2018:0378",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0378"
},
{
"name": "102204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102204"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
},
{
"name": "43381",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43381/"
},
{
"name": "RHSA-2018:0584",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0584"
},
{
"name": "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "[debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html"
},
{
"name": "DSA-4259",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"name": "RHSA-2019:2806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17405",
"datePublished": "2017-12-15T09:00:00.000Z",
"dateReserved": "2017-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:51:31.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17742 (GCVE-0-2017-17742)
Vulnerability from cvelistv5 – Published: 2018-04-03 00:00 – Updated: 2024-08-05 20:59
VLAI
EPSS
VEX
Summary
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2018-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"name": "103684",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103684"
},
{
"name": "RHSA-2018:3729",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:3730",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"name": "RHSA-2018:3731",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name": "DSA-4259",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"name": "openSUSE-SU-2019:1771",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:2028",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2028"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html"
},
{
"name": "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html"
},
{
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3685-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"name": "103684",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/103684"
},
{
"name": "RHSA-2018:3729",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "1042004",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:3730",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"name": "RHSA-2018:3731",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"url": "https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"
},
{
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name": "DSA-4259",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"name": "openSUSE-SU-2019:1771",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html"
},
{
"name": "RHSA-2019:2028",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2028"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2027-1] jruby security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html"
},
{
"name": "[debian-lts-announce] 20200816 [SECURITY] [DLA 2330-1] jruby security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html"
},
{
"name": "[debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17742",
"datePublished": "2018-04-03T00:00:00.000Z",
"dateReserved": "2017-12-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3639 (GCVE-0-2018-3639)
Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2026-05-29 20:14
VLAI
EPSS
VEX
Summary
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information Disclosure
- CWE-203 - Observable Discrepancy
Assigner
References
147 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel Corporation | Multiple |
Affected:
Multiple
|
Date Public
2018-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1689"
},
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "RHSA-2018:1641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1641"
},
{
"name": "USN-3680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"name": "RHSA-2018:1665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1665"
},
{
"name": "RHSA-2018:3407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"name": "RHSA-2018:2164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "RHSA-2018:2001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"name": "RHSA-2018:3423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3423"
},
{
"name": "RHSA-2018:2003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"name": "USN-3654-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "RHSA-2018:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1645"
},
{
"name": "RHSA-2018:1643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1643"
},
{
"name": "RHSA-2018:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1652"
},
{
"name": "RHSA-2018:3424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3424"
},
{
"name": "RHSA-2018:3402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3402"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "RHSA-2018:1656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1656"
},
{
"name": "RHSA-2018:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1664"
},
{
"name": "RHSA-2018:2258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"name": "RHSA-2018:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1688"
},
{
"name": "RHSA-2018:1658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1658"
},
{
"name": "RHSA-2018:1657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1657"
},
{
"name": "RHSA-2018:2289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"name": "RHSA-2018:1666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1666"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1675"
},
{
"name": "RHSA-2018:1660",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1660"
},
{
"name": "RHSA-2018:1965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"name": "RHSA-2018:1661",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1661"
},
{
"name": "RHSA-2018:1633",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1633"
},
{
"name": "RHSA-2018:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1636"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2006"
},
{
"name": "RHSA-2018:2250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "RHSA-2018:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3401"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "RHSA-2018:1826",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1826"
},
{
"name": "USN-3651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"name": "DSA-4210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"name": "44695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"name": "RHSA-2018:1651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1651"
},
{
"name": "RHSA-2018:1638",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1638"
},
{
"name": "RHSA-2018:1696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1696"
},
{
"name": "RHSA-2018:2246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"name": "RHSA-2018:1644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1644"
},
{
"name": "RHSA-2018:1646",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1646"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:1639",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1639"
},
{
"name": "RHSA-2018:1668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1668"
},
{
"name": "RHSA-2018:1637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1637"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "RHSA-2018:1686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1686"
},
{
"name": "RHSA-2018:2172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"name": "RHSA-2018:1663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1663"
},
{
"name": "USN-3652-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"name": "RHSA-2018:1629",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1629"
},
{
"name": "RHSA-2018:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1655"
},
{
"name": "RHSA-2018:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1640"
},
{
"name": "RHSA-2018:1669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1669"
},
{
"name": "RHSA-2018:1676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1676"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "RHSA-2018:3425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3425"
},
{
"name": "RHSA-2018:2363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2363"
},
{
"name": "RHSA-2018:1632",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1632"
},
{
"name": "RHSA-2018:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1650"
},
{
"name": "RHSA-2018:2396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name": "RHSA-2018:2364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2364"
},
{
"name": "USN-3653-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "RHSA-2018:2216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2216"
},
{
"name": "USN-3655-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "RHSA-2018:1649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1649"
},
{
"name": "RHSA-2018:2309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"name": "104232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104232"
},
{
"name": "RHSA-2018:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1653"
},
{
"name": "RHSA-2018:2171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2171"
},
{
"name": "RHSA-2018:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1635"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "RHSA-2018:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name": "RHSA-2018:1710",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1710"
},
{
"name": "RHSA-2018:1659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1659"
},
{
"name": "RHSA-2018:1711",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1711"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "RHSA-2018:1738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1738"
},
{
"name": "RHSA-2018:1674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1674"
},
{
"name": "RHSA-2018:3396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3396"
},
{
"name": "RHSA-2018:1667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1667"
},
{
"name": "USN-3654-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "RHSA-2018:1662",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1662"
},
{
"name": "RHSA-2018:1630",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1630"
},
{
"name": "RHSA-2018:1647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1647"
},
{
"name": "RHSA-2018:1967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"name": "USN-3655-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "RHSA-2018:3399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3399"
},
{
"name": "RHSA-2018:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2060"
},
{
"name": "RHSA-2018:1690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1690"
},
{
"name": "USN-3653-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "RHSA-2018:2161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "RHSA-2018:2328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"name": "RHSA-2018:1648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1648"
},
{
"name": "RHSA-2018:2387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name": "RHSA-2019:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0148"
},
{
"name": "RHSA-2018:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1654"
},
{
"name": "USN-3679-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "RHSA-2018:1642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1642"
},
{
"name": "RHSA-2018:3397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3397"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "RHSA-2018:3398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3398"
},
{
"name": "RHSA-2018:3400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3400"
},
{
"name": "RHSA-2018:2228",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "RHSA-2019:1046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"name": "openSUSE-SU-2019:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX235225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-3639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:13:59.457681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:14:05.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Multiple"
}
]
}
],
"datePublic": "2018-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T20:06:27.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "RHSA-2018:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1689"
},
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "RHSA-2018:1641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1641"
},
{
"name": "USN-3680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"name": "RHSA-2018:1665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1665"
},
{
"name": "RHSA-2018:3407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"name": "RHSA-2018:2164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "RHSA-2018:2001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"name": "RHSA-2018:3423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3423"
},
{
"name": "RHSA-2018:2003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"name": "USN-3654-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "RHSA-2018:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1645"
},
{
"name": "RHSA-2018:1643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1643"
},
{
"name": "RHSA-2018:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1652"
},
{
"name": "RHSA-2018:3424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3424"
},
{
"name": "RHSA-2018:3402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3402"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "RHSA-2018:1656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1656"
},
{
"name": "RHSA-2018:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1664"
},
{
"name": "RHSA-2018:2258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"name": "RHSA-2018:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1688"
},
{
"name": "RHSA-2018:1658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1658"
},
{
"name": "RHSA-2018:1657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1657"
},
{
"name": "RHSA-2018:2289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"name": "RHSA-2018:1666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1666"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1675"
},
{
"name": "RHSA-2018:1660",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1660"
},
{
"name": "RHSA-2018:1965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"name": "RHSA-2018:1661",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1661"
},
{
"name": "RHSA-2018:1633",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1633"
},
{
"name": "RHSA-2018:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1636"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2006"
},
{
"name": "RHSA-2018:2250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "RHSA-2018:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3401"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "RHSA-2018:1826",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1826"
},
{
"name": "USN-3651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"name": "DSA-4210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"name": "44695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"name": "RHSA-2018:1651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1651"
},
{
"name": "RHSA-2018:1638",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1638"
},
{
"name": "RHSA-2018:1696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1696"
},
{
"name": "RHSA-2018:2246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"name": "RHSA-2018:1644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1644"
},
{
"name": "RHSA-2018:1646",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1646"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:1639",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1639"
},
{
"name": "RHSA-2018:1668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1668"
},
{
"name": "RHSA-2018:1637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1637"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "RHSA-2018:1686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1686"
},
{
"name": "RHSA-2018:2172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"name": "RHSA-2018:1663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1663"
},
{
"name": "USN-3652-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"name": "RHSA-2018:1629",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1629"
},
{
"name": "RHSA-2018:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1655"
},
{
"name": "RHSA-2018:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1640"
},
{
"name": "RHSA-2018:1669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1669"
},
{
"name": "RHSA-2018:1676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1676"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "RHSA-2018:3425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3425"
},
{
"name": "RHSA-2018:2363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2363"
},
{
"name": "RHSA-2018:1632",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1632"
},
{
"name": "RHSA-2018:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1650"
},
{
"name": "RHSA-2018:2396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name": "RHSA-2018:2364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2364"
},
{
"name": "USN-3653-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "RHSA-2018:2216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2216"
},
{
"name": "USN-3655-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "RHSA-2018:1649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1649"
},
{
"name": "RHSA-2018:2309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"name": "104232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104232"
},
{
"name": "RHSA-2018:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1653"
},
{
"name": "RHSA-2018:2171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2171"
},
{
"name": "RHSA-2018:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1635"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "RHSA-2018:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name": "RHSA-2018:1710",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1710"
},
{
"name": "RHSA-2018:1659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1659"
},
{
"name": "RHSA-2018:1711",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1711"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "RHSA-2018:1738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1738"
},
{
"name": "RHSA-2018:1674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1674"
},
{
"name": "RHSA-2018:3396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3396"
},
{
"name": "RHSA-2018:1667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1667"
},
{
"name": "USN-3654-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "RHSA-2018:1662",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1662"
},
{
"name": "RHSA-2018:1630",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1630"
},
{
"name": "RHSA-2018:1647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1647"
},
{
"name": "RHSA-2018:1967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"name": "USN-3655-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "RHSA-2018:3399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3399"
},
{
"name": "RHSA-2018:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2060"
},
{
"name": "RHSA-2018:1690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1690"
},
{
"name": "USN-3653-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "RHSA-2018:2161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "RHSA-2018:2328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"name": "RHSA-2018:1648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1648"
},
{
"name": "RHSA-2018:2387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name": "RHSA-2019:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0148"
},
{
"name": "RHSA-2018:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1654"
},
{
"name": "USN-3679-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "RHSA-2018:1642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1642"
},
{
"name": "RHSA-2018:3397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3397"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "RHSA-2018:3398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3398"
},
{
"name": "RHSA-2018:3400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3400"
},
{
"name": "RHSA-2018:2228",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "RHSA-2019:1046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"name": "openSUSE-SU-2019:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX235225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-3639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1689",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1689"
},
{
"name": "RHSA-2018:2162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "RHSA-2018:1641",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1641"
},
{
"name": "USN-3680-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1997",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"name": "RHSA-2018:1665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1665"
},
{
"name": "RHSA-2018:3407",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"name": "RHSA-2018:2164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "RHSA-2018:2001",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"name": "RHSA-2018:3423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3423"
},
{
"name": "RHSA-2018:2003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"name": "USN-3654-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "RHSA-2018:1645",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1645"
},
{
"name": "RHSA-2018:1643",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1643"
},
{
"name": "RHSA-2018:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1652"
},
{
"name": "RHSA-2018:3424",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3424"
},
{
"name": "RHSA-2018:3402",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3402"
},
{
"name": "TA18-141A",
"refsource": "CERT",
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "RHSA-2018:1656",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1656"
},
{
"name": "RHSA-2018:1664",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1664"
},
{
"name": "RHSA-2018:2258",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"name": "RHSA-2018:1688",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1688"
},
{
"name": "RHSA-2018:1658",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1658"
},
{
"name": "RHSA-2018:1657",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1657"
},
{
"name": "RHSA-2018:2289",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"name": "RHSA-2018:1666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1666"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:1675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1675"
},
{
"name": "RHSA-2018:1660",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1660"
},
{
"name": "RHSA-2018:1965",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"name": "RHSA-2018:1661",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1661"
},
{
"name": "RHSA-2018:1633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1633"
},
{
"name": "RHSA-2018:1636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1636"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:2006",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2006"
},
{
"name": "RHSA-2018:2250",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"name": "1040949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "RHSA-2018:3401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3401"
},
{
"name": "RHSA-2018:1737",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "RHSA-2018:1826",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1826"
},
{
"name": "USN-3651-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"name": "DSA-4210",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"name": "44695",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"name": "RHSA-2018:1651",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1651"
},
{
"name": "RHSA-2018:1638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1638"
},
{
"name": "RHSA-2018:1696",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1696"
},
{
"name": "RHSA-2018:2246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"name": "RHSA-2018:1644",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1644"
},
{
"name": "RHSA-2018:1646",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1646"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:1639",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1639"
},
{
"name": "RHSA-2018:1668",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1668"
},
{
"name": "RHSA-2018:1637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1637"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "RHSA-2018:1686",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1686"
},
{
"name": "RHSA-2018:2172",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"name": "RHSA-2018:1663",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1663"
},
{
"name": "USN-3652-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"name": "RHSA-2018:1629",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1629"
},
{
"name": "RHSA-2018:1655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1655"
},
{
"name": "RHSA-2018:1640",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1640"
},
{
"name": "RHSA-2018:1669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1669"
},
{
"name": "RHSA-2018:1676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1676"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "RHSA-2018:3425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3425"
},
{
"name": "RHSA-2018:2363",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2363"
},
{
"name": "RHSA-2018:1632",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1632"
},
{
"name": "RHSA-2018:1650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1650"
},
{
"name": "RHSA-2018:2396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name": "RHSA-2018:2364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2364"
},
{
"name": "USN-3653-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "RHSA-2018:2216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2216"
},
{
"name": "USN-3655-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "RHSA-2018:1649",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1649"
},
{
"name": "RHSA-2018:2309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"name": "104232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104232"
},
{
"name": "RHSA-2018:1653",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1653"
},
{
"name": "RHSA-2018:2171",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2171"
},
{
"name": "RHSA-2018:1635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1635"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "RHSA-2018:2394",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name": "RHSA-2018:1710",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1710"
},
{
"name": "RHSA-2018:1659",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1659"
},
{
"name": "RHSA-2018:1711",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1711"
},
{
"name": "DSA-4273",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "RHSA-2018:1738",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1738"
},
{
"name": "RHSA-2018:1674",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1674"
},
{
"name": "RHSA-2018:3396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3396"
},
{
"name": "RHSA-2018:1667",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1667"
},
{
"name": "USN-3654-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "RHSA-2018:1662",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1662"
},
{
"name": "RHSA-2018:1630",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1630"
},
{
"name": "RHSA-2018:1647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1647"
},
{
"name": "RHSA-2018:1967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "RHSA-2018:3399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3399"
},
{
"name": "RHSA-2018:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2060"
},
{
"name": "RHSA-2018:1690",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1690"
},
{
"name": "USN-3653-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "RHSA-2018:2161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "RHSA-2018:2328",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"name": "RHSA-2018:1648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1648"
},
{
"name": "RHSA-2018:2387",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name": "RHSA-2019:0148",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0148"
},
{
"name": "RHSA-2018:1654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1654"
},
{
"name": "USN-3679-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "RHSA-2018:1642",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1642"
},
{
"name": "RHSA-2018:3397",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3397"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "USN-3756-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "RHSA-2018:3398",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3398"
},
{
"name": "RHSA-2018:3400",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3400"
},
{
"name": "RHSA-2018:2228",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "RHSA-2019:1046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"name": "openSUSE-SU-2019:1439",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"name": "https://support.citrix.com/article/CTX235225",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX235225"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_23",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-263.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
"refsource": "CONFIRM",
"url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3639",
"datePublished": "2018-05-22T12:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:14:05.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-3640 (GCVE-0-2018-3640)
Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2024-09-16 19:31
VLAI
EPSS
VEX
Summary
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
22 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel Corporation | Multiple |
Affected:
Multiple
|
Date Public
2018-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Multiple"
}
]
}
],
"datePublic": "2018-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T12:06:05.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-3640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "TA18-141A",
"refsource": "CERT",
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "1040949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0005"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_23",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180013"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "DSA-4273",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "104228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104228"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "USN-3756-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3640",
"datePublished": "2018-05-22T12:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:31:35.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…