
    18 vulnerabilities found for aura_system_manager by avaya

    CVE-2024-7480 (GCVE-0-2024-7480)

    Vulnerability from nvd – Published: 2024-08-08 16:04 – Updated: 2025-10-01 01:33
    Title
    Improper access control in Avaya Aura System Manager
    Summary
    An improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Aura System Manager Affected: 10.1.x.x
    Affected: 10.2.x.x

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T18:37:59.919717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T18:40:15.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Aura System Manager",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.x.x"
                },
                {
                  "status": "affected",
                  "version": "10.2.x.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u0026nbsp;Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
                }
              ],
              "value": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-01T01:33:36.494Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101091159"
            }
          ],
          "source": {
            "defect": [
              "ZEPHYR-70310"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Improper access control in Avaya Aura System Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2024-7480",
        "datePublished": "2024-08-08T16:04:25.989Z",
        "dateReserved": "2024-08-05T08:33:54.944Z",
        "dateUpdated": "2025-10-01T01:33:36.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7477 (GCVE-0-2024-7477)

    Vulnerability from nvd – Published: 2024-08-08 16:02 – Updated: 2024-08-09 18:21
    Title
    Avaya Aura System Manager SQL injection vulnerability
    Summary
    A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Aura System Manager Affected: 10.1.x.x
    Affected: 10.2.x.x
    avaya aura_system_manager Affected: 10.1.x.x
    Affected: 10.2.x.x
        cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aura_system_manager",
                "vendor": "avaya",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.1.x.x"
                  },
                  {
                    "status": "affected",
                    "version": "10.2.x.x"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T18:20:16.174969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T18:21:58.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Aura System Manager",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.x.x"
                },
                {
                  "status": "affected",
                  "version": "10.2.x.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A SQL injection vulnerability was found which could allow a command line interface (CLI) user with \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadministrative privileges to execute arbitrary queries against the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAvaya Aura System Manager\u0026nbsp;\u003c/span\u003edatabase.\u0026nbsp;\n\nAffected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.\n\n\u003c/span\u003e\u0026nbsp;"
                }
              ],
              "value": "A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the\u00a0Avaya Aura System Manager\u00a0database.\u00a0\n\nAffected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-08T16:02:43.125Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101091159"
            }
          ],
          "source": {
            "defect": [
              "ZEPHYR-70310"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Avaya Aura System Manager SQL injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2024-7477",
        "datePublished": "2024-08-08T16:02:43.125Z",
        "dateReserved": "2024-08-05T07:37:13.538Z",
        "dateUpdated": "2024-08-09T18:21:58.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7032 (GCVE-0-2020-7032)

    Vulnerability from nvd – Published: 2020-11-13 00:20 – Updated: 2024-09-17 01:45
    Title
    Avaya WebLM Improper Restriction of XML External Entity Reference
    Summary
    An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    Avaya WebLM Affected: 8.0.x
    Affected: 7.0 up to, but not including, 7.1.3.6 (custom)
    Affected: 8.1 up to, but not including, 8.1.2 (custom)
    Avaya System Manager Affected: 8.0.x
    Affected: 7.0 up to, but not including, 7.1.3.6 (custom)
    Affected: 8.1 up to, but not including, 8.1.2 (custom)
    Date Public
    2020-11-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:02.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://downloads.avaya.com/css/P8/documents/101072249"
              },
              {
                "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Nov/31"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WebLM",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "lessThan": "7.1.3.6",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "System Manager",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "lessThan": "7.1.3.6",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-12T20:54:07.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://downloads.avaya.com/css/P8/documents/101072249"
            },
            {
              "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Nov/31"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/"
            }
          ],
          "source": {
            "advisory": "ASA-2020-153"
          },
          "title": "Avaya WebLM Improper Restriction of XML External Entity Reference",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "DATE_PUBLIC": "2020-11-12T07:00:00.000Z",
              "ID": "CVE-2020-7032",
              "STATE": "PUBLIC",
              "TITLE": "Avaya WebLM Improper Restriction of XML External Entity Reference"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WebLM",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "7.0",
                                "version_value": "7.1.3.6"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "8.0.x",
                                "version_value": "8.0.x"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.1",
                                "version_value": "8.1.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "System Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "7.0",
                                "version_value": "7.1.3.6"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "8.0.x",
                                "version_value": "8.0.x"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.1",
                                "version_value": "8.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611: Improper Restriction of XML External Entity Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://downloads.avaya.com/css/P8/documents/101072249",
                  "refsource": "CONFIRM",
                  "url": "https://downloads.avaya.com/css/P8/documents/101072249"
                },
                {
                  "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Nov/31"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html"
                },
                {
                  "name": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/",
                  "refsource": "MISC",
                  "url": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/"
                }
              ]
            },
            "source": {
              "advisory": "ASA-2020-153"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2020-7032",
        "datePublished": "2020-11-13T00:20:14.764Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:45:48.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5285 (GCVE-0-2016-5285)

    Vulnerability from nvd – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
    Summary
    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    Impacted products
    Date Public
    2016-10-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94349"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3163-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa137"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Services",
              "vendor": "Mozilla",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24"
                }
              ]
            }
          ],
          "datePublic": "2016-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:53:19.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-5285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
                },
                {
                  "name": "http://www.securityfocus.com/bid/94349",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94349"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
                },
                {
                  "name": "https://security.gentoo.org/glsa/201701-46",
                  "refsource": "MISC",
                  "url": "https://security.gentoo.org/glsa/201701-46"
                },
                {
                  "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
                  "refsource": "MISC",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-3163-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-3163-1"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa137",
                  "refsource": "MISC",
                  "url": "https://bto.bluecoat.com/security-advisory/sa137"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-5285",
        "datePublished": "2019-11-15T15:44:05.000Z",
        "dateReserved": "2016-06-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2943 (GCVE-0-2010-2943)

    Vulnerability from nvd – Published: 2010-09-30 14:00 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list, x_refsource_MLIST
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/42527 vdb-entry, x_refsource_BID
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=624923 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/520102/100… mailing-list, x_refsource_BUGTRAQ
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list, x_refsource_MLIST
    http://secunia.com/advisories/46397 third-party-advisory, x_refsource_SECUNIA
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2010/08/18/2 mailing-list, x_refsource_MLIST
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list, x_refsource_MLIST
    http://oss.sgi.com/archives/xfs/2010-06/msg00191.html mailing-list, x_refsource_MLIST
    http://www.ubuntu.com/usn/USN-1041-1 vendor-advisory, x_refsource_UBUNTU
    http://www.kernel.org/pub/linux/kernel/v2.6/Chang… x_refsource_CONFIRM
    http://oss.sgi.com/archives/xfs/2010-06/msg00198.html mailing-list, x_refsource_MLIST
    http://www.vupen.com/english/advisories/2011/0280 vdb-entry, x_refsource_VUPEN
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://secunia.com/advisories/42758 third-party-advisory, x_refsource_SECUNIA
    http://support.avaya.com/css/P8/documents/100113326 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1057-1 vendor-advisory, x_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2010/08/19/5 mailing-list, x_refsource_MLIST
    http://www.vupen.com/english/advisories/2011/0070 vdb-entry, x_refsource_VUPEN
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://secunia.com/advisories/43161 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2010-06-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:45.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d"
              },
              {
                "name": "42527",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42527"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa"
              },
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624923"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "name": "[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769"
              },
              {
                "name": "[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/18/2"
              },
              {
                "name": "[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767"
              },
              {
                "name": "[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00191.html"
              },
              {
                "name": "USN-1041-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1041-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
              },
              {
                "name": "[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00198.html"
              },
              {
                "name": "ADV-2011-0280",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0280"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "name": "42758",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42758"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "USN-1057-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1057-1"
              },
              {
                "name": "[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/19/5"
              },
              {
                "name": "ADV-2011-0070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0070"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188"
              },
              {
                "name": "43161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43161"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d"
            },
            {
              "name": "42527",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42527"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa"
            },
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624923"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769"
            },
            {
              "name": "[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/18/2"
            },
            {
              "name": "[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767"
            },
            {
              "name": "[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00191.html"
            },
            {
              "name": "USN-1041-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1041-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
            },
            {
              "name": "[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00198.html"
            },
            {
              "name": "ADV-2011-0280",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0280"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "name": "42758",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42758"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "USN-1057-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1057-1"
            },
            {
              "name": "[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/19/5"
            },
            {
              "name": "ADV-2011-0070",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0070"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188"
            },
            {
              "name": "43161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43161"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2943",
        "datePublished": "2010-09-30T14:00:00.000Z",
        "dateReserved": "2010-08-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:45.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2942 (GCVE-0-2010-2942)

    Vulnerability from nvd – Published: 2010-09-21 17:00 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=624903 x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-1000-1 vendor-advisory, x_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/archive/1/520102/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/46397 third-party-advisory, x_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/davem/n… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v2.6/testi… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.vupen.com/english/advisories/2010/2430 vdb-entry, x_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.vupen.com/english/advisories/2011/0298 vdb-entry, x_refsource_VUPEN
    http://patchwork.ozlabs.org/patch/61857/ x_refsource_CONFIRM
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://support.avaya.com/css/P8/documents/100113326 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2010/08/18/1 mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/42529 vdb-entry, x_refsource_BID
    http://www.openwall.com/lists/oss-security/2010/08/19/4 mailing-list, x_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/41512 third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    Date Public
    2010-08-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:45.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"
              },
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "name": "USN-1000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1000-1"
              },
              {
                "name": "SUSE-SA:2010:041",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
              },
              {
                "name": "RHSA-2010:0771",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"
              },
              {
                "name": "SUSE-SA:2010:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
              },
              {
                "name": "ADV-2010-2430",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2430"
              },
              {
                "name": "SUSE-SA:2011:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
              },
              {
                "name": "SUSE-SA:2010:060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
              },
              {
                "name": "ADV-2011-0298",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0298"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://patchwork.ozlabs.org/patch/61857/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "[oss-security] 20100818 CVE request - kernel: net sched memleak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"
              },
              {
                "name": "42529",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42529"
              },
              {
                "name": "[oss-security] 20100819 Re: CVE request - kernel: net sched memleak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"
              },
              {
                "name": "SUSE-SA:2010:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
              },
              {
                "name": "41512",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41512"
              },
              {
                "name": "RHSA-2010:0779",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"
            },
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "name": "USN-1000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1000-1"
            },
            {
              "name": "SUSE-SA:2010:041",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
            },
            {
              "name": "RHSA-2010:0771",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"
            },
            {
              "name": "SUSE-SA:2010:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
            },
            {
              "name": "ADV-2010-2430",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2430"
            },
            {
              "name": "SUSE-SA:2011:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
            },
            {
              "name": "SUSE-SA:2010:060",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
            },
            {
              "name": "ADV-2011-0298",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0298"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://patchwork.ozlabs.org/patch/61857/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "[oss-security] 20100818 CVE request - kernel: net sched memleak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"
            },
            {
              "name": "42529",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42529"
            },
            {
              "name": "[oss-security] 20100819 Re: CVE request - kernel: net sched memleak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"
            },
            {
              "name": "SUSE-SA:2010:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
            },
            {
              "name": "41512",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41512"
            },
            {
              "name": "RHSA-2010:0779",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2942",
        "datePublished": "2010-09-21T17:00:00.000Z",
        "dateReserved": "2010-08-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:45.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2798 (GCVE-0-2010-2798)

    Vulnerability from nvd – Published: 2010-09-08 19:00 – Updated: 2024-08-07 02:46
    Summary
    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2010/0… mailing-list, x_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-1000-1 vendor-advisory, x_refsource_UBUNTU
    http://www.securityfocus.com/archive/1/520102/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/46397 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/42124 vdb-entry, x_refsource_BID
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2010-06… vendor-advisory, x_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2010-06… vendor-advisory, x_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v2.6/Chang… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=620300 x_refsource_CONFIRM
    http://securitytracker.com/id?1024386 vdb-entry, x_refsource_SECTRACK
    http://www.openwall.com/lists/oss-security/2010/08/02/1 mailing-list, x_refsource_MLIST
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://support.avaya.com/css/P8/documents/100113326 x_refsource_CONFIRM
    http://www.debian.org/security/2010/dsa-2094 vendor-advisory, x_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    Date Public
    2010-08-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:46:48.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20100802 Re: CVE request: kernel: gfs2: rename cases kernel panic",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/02/10"
              },
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "name": "USN-1000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1000-1"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "name": "42124",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42124"
              },
              {
                "name": "MDVSA-2010:198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
              },
              {
                "name": "RHSA-2010:0670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html"
              },
              {
                "name": "RHSA-2010:0660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html"
              },
              {
                "name": "SUSE-SA:2010:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620300"
              },
              {
                "name": "1024386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1024386"
              },
              {
                "name": "[oss-security] 20100802 CVE request: kernel: gfs2: rename cases kernel panic",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/02/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "DSA-2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-2094"
              },
              {
                "name": "SUSE-SA:2010:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20100802 Re: CVE request: kernel: gfs2: rename cases kernel panic",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/02/10"
            },
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "name": "USN-1000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1000-1"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "42124",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42124"
            },
            {
              "name": "MDVSA-2010:198",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "RHSA-2010:0670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html"
            },
            {
              "name": "RHSA-2010:0660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html"
            },
            {
              "name": "SUSE-SA:2010:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620300"
            },
            {
              "name": "1024386",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1024386"
            },
            {
              "name": "[oss-security] 20100802 CVE request: kernel: gfs2: rename cases kernel panic",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/02/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "DSA-2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-2094"
            },
            {
              "name": "SUSE-SA:2010:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2798",
        "datePublished": "2010-09-08T19:00:00.000Z",
        "dateReserved": "2010-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:46:48.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2492 (GCVE-0-2010-2492)

    Vulnerability from nvd – Published: 2010-09-08 19:00 – Updated: 2024-08-07 02:32
    Summary
    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-08-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:16.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "name": "MDVSA-2010:198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
              },
              {
                "name": "RHSA-2011:0007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611385"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "42890",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42890"
              },
              {
                "name": "MDVSA-2010:172",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "MDVSA-2010:198",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "RHSA-2011:0007",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611385"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "42890",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42890"
            },
            {
              "name": "MDVSA-2010:172",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2492",
        "datePublished": "2010-09-08T19:00:00.000Z",
        "dateReserved": "2010-06-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:16.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3939 (GCVE-0-2009-3939)

    Vulnerability from nvd – Published: 2009-11-16 19:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/38276 third-party-advisory, x_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html vendor-advisory, x_refsource_SUSE
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisory, x_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=526068 x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/38779 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/37019 vdb-entry, x_refsource_BID
    http://support.avaya.com/css/P8/documents/100073666 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/37909 third-party-advisory, x_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html vendor-advisory, x_refsource_SUSE
    http://www.debian.org/security/2010/dsa-1996 vendor-advisory, x_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2009/11/13/1 mailing-list, x_refsource_MLIST
    https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310 vdb-entry, signature, x_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2010-0095.html vendor-advisory, x_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html vendor-advisory, x_refsource_SUSE
    http://osvdb.org/60201 vdb-entry, x_refsource_OSVDB
    https://rhn.redhat.com/errata/RHSA-2010-0046.html vendor-advisory, x_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540 vdb-entry, signature, x_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/38017 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/38492 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2009-11-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38276",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38276"
              },
              {
                "name": "SUSE-SA:2009:061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
              },
              {
                "name": "SUSE-SA:2010:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
              },
              {
                "name": "38779",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38779"
              },
              {
                "name": "37019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37019"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100073666"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "name": "37909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37909"
              },
              {
                "name": "SUSE-SA:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
              },
              {
                "name": "SUSE-SA:2009:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
              },
              {
                "name": "DSA-1996",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1996"
              },
              {
                "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
              },
              {
                "name": "oval:org.mitre.oval:def:10310",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
              },
              {
                "name": "RHSA-2010:0095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
              },
              {
                "name": "SUSE-SA:2010:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
              },
              {
                "name": "60201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60201"
              },
              {
                "name": "RHSA-2010:0046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
              },
              {
                "name": "oval:org.mitre.oval:def:7540",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
              },
              {
                "name": "SUSE-SA:2010:010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
              },
              {
                "name": "38017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38017"
              },
              {
                "name": "38492",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38492"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38276",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38276"
            },
            {
              "name": "SUSE-SA:2009:061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
            },
            {
              "name": "SUSE-SA:2010:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
            },
            {
              "name": "38779",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38779"
            },
            {
              "name": "37019",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37019"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100073666"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "37909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37909"
            },
            {
              "name": "SUSE-SA:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
            },
            {
              "name": "DSA-1996",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1996"
            },
            {
              "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
            },
            {
              "name": "oval:org.mitre.oval:def:10310",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
            },
            {
              "name": "RHSA-2010:0095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "SUSE-SA:2010:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
            },
            {
              "name": "60201",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60201"
            },
            {
              "name": "RHSA-2010:0046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7540",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
            },
            {
              "name": "SUSE-SA:2010:010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
            },
            {
              "name": "38017",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38017"
            },
            {
              "name": "38492",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38492"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38276",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38276"
                },
                {
                  "name": "SUSE-SA:2009:061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
                },
                {
                  "name": "USN-864-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-864-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
                },
                {
                  "name": "SUSE-SA:2010:001",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
                },
                {
                  "name": "38779",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38779"
                },
                {
                  "name": "37019",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37019"
                },
                {
                  "name": "http://support.avaya.com/css/P8/documents/100073666",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/css/P8/documents/100073666"
                },
                {
                  "name": "SUSE-SA:2010:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
                },
                {
                  "name": "37909",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37909"
                },
                {
                  "name": "SUSE-SA:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
                },
                {
                  "name": "SUSE-SA:2009:064",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
                },
                {
                  "name": "DSA-1996",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1996"
                },
                {
                  "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
                },
                {
                  "name": "oval:org.mitre.oval:def:10310",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
                },
                {
                  "name": "RHSA-2010:0095",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
                },
                {
                  "name": "SUSE-SA:2010:005",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
                },
                {
                  "name": "60201",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60201"
                },
                {
                  "name": "RHSA-2010:0046",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:7540",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
                },
                {
                  "name": "SUSE-SA:2010:010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
                },
                {
                  "name": "38017",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38017"
                },
                {
                  "name": "38492",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38492"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3939",
        "datePublished": "2009-11-16T19:00:00.000Z",
        "dateReserved": "2009-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7480 (GCVE-0-2024-7480)

    Vulnerability from cvelistv5 – Published: 2024-08-08 16:04 – Updated: 2025-10-01 01:33
    VLAI
    Title
    Improper access control in Avaya Aura System Manager
    Summary
    An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Aura System Manager Affected: 10.1.x.x
    Affected: 10.2.x.x

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T18:37:59.919717Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-08T18:40:15.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Aura System Manager",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.x.x"
                },
                {
                  "status": "affected",
                  "version": "10.2.x.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An\u0026nbsp;Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u0026nbsp;Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
                }
              ],
              "value": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-01T01:33:36.494Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101091159"
            }
          ],
          "source": {
            "defect": [
              "ZEPHYR-70310"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Improper access control in Avaya Aura System Manager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2024-7480",
        "datePublished": "2024-08-08T16:04:25.989Z",
        "dateReserved": "2024-08-05T08:33:54.944Z",
        "dateUpdated": "2025-10-01T01:33:36.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7477 (GCVE-0-2024-7477)

    Vulnerability from cvelistv5 – Published: 2024-08-08 16:02 – Updated: 2024-08-09 18:21
    VLAI
    Title
    Avaya Aura System Manager SQL injection vulnerability
    Summary
    A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database.  Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Avaya Aura System Manager Affected: 10.1.x.x
    Affected: 10.2.x.x
    avaya aura_system_manager Affected: 10.1.x.x
    Affected: 10.2.x.x
        cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "aura_system_manager",
                "vendor": "avaya",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.1.x.x"
                  },
                  {
                    "status": "affected",
                    "version": "10.2.x.x"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T18:20:16.174969Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T18:21:58.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Aura System Manager",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.1.x.x"
                },
                {
                  "status": "affected",
                  "version": "10.2.x.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A SQL injection vulnerability was found which could allow a command line interface (CLI) user with \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadministrative privileges to execute arbitrary queries against the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAvaya Aura System Manager\u0026nbsp;\u003c/span\u003edatabase.\u0026nbsp;\n\nAffected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.\n\n\u003c/span\u003e\u0026nbsp;"
                }
              ],
              "value": "A SQL injection vulnerability was found which could allow a command line interface (CLI) user with administrative privileges to execute arbitrary queries against the\u00a0Avaya Aura System Manager\u00a0database.\u00a0\n\nAffected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-08T16:02:43.125Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "url": "https://download.avaya.com/css/public/documents/101091159"
            }
          ],
          "source": {
            "defect": [
              "ZEPHYR-70310"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Avaya Aura System Manager SQL injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2024-7477",
        "datePublished": "2024-08-08T16:02:43.125Z",
        "dateReserved": "2024-08-05T07:37:13.538Z",
        "dateUpdated": "2024-08-09T18:21:58.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7032 (GCVE-0-2020-7032)

    Vulnerability from cvelistv5 – Published: 2020-11-13 00:20 – Updated: 2024-09-17 01:45
    VLAI
    Title
    Avaya WebLM Improper Restriction of XML External Entity Reference
    Summary
    An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    Avaya WebLM Affected: 8.0.x
    Affected: 7.0 , < 7.1.3.6 (custom)
    Affected: 8.1 , < 8.1.2 (custom)
    Avaya System Manager Affected: 8.0.x
    Affected: 7.0 , < 7.1.3.6 (custom)
    Affected: 8.1 , < 8.1.2 (custom)
    Date Public
    2020-11-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:02.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://downloads.avaya.com/css/P8/documents/101072249"
              },
              {
                "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2020/Nov/31"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WebLM",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "lessThan": "7.1.3.6",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "System Manager",
              "vendor": "Avaya",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "lessThan": "7.1.3.6",
                  "status": "affected",
                  "version": "7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.2",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-11-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-12T20:54:07.000Z",
            "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
            "shortName": "avaya"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://downloads.avaya.com/css/P8/documents/101072249"
            },
            {
              "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Nov/31"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/"
            }
          ],
          "source": {
            "advisory": "ASA-2020-153"
          },
          "title": "Avaya WebLM Improper Restriction of XML External Entity Reference",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securityalerts@avaya.com",
              "DATE_PUBLIC": "2020-11-12T07:00:00.000Z",
              "ID": "CVE-2020-7032",
              "STATE": "PUBLIC",
              "TITLE": "Avaya WebLM Improper Restriction of XML External Entity Reference"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WebLM",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "7.0",
                                "version_value": "7.1.3.6"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "8.0.x",
                                "version_value": "8.0.x"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.1",
                                "version_value": "8.1.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "System Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "7.0",
                                "version_value": "7.1.3.6"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "8.0.x",
                                "version_value": "8.0.x"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "8.1",
                                "version_value": "8.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Avaya"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611: Improper Restriction of XML External Entity Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://downloads.avaya.com/css/P8/documents/101072249",
                  "refsource": "CONFIRM",
                  "url": "https://downloads.avaya.com/css/P8/documents/101072249"
                },
                {
                  "name": "20201117 SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2020/Nov/31"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160123/Avaya-Web-License-Manager-XML-Injection.html"
                },
                {
                  "name": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/",
                  "refsource": "MISC",
                  "url": "https://sec-consult.com/vulnerability-lab/advisory/blind-out-of-band-xml-external-entity-injection-in-avaya-web-license-manager/"
                }
              ]
            },
            "source": {
              "advisory": "ASA-2020-153"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "assignerShortName": "avaya",
        "cveId": "CVE-2020-7032",
        "datePublished": "2020-11-13T00:20:14.764Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:45:48.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5285 (GCVE-0-2016-5285)

    Vulnerability from cvelistv5 – Published: 2019-11-15 15:44 – Updated: 2024-08-06 00:53
    VLAI
    Summary
    A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • denial of service
    Assigner
    Impacted products
    Date Public
    2016-10-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:53:48.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94349"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-46"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3163-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa137"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Network Security Services",
              "vendor": "Mozilla",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.24"
                }
              ]
            }
          ],
          "datePublic": "2016-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-09T19:53:19.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/94349"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/201701-46"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3163-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa137"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-5285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Network Security Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html"
                },
                {
                  "name": "http://www.securityfocus.com/bid/94349",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/94349"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html"
                },
                {
                  "name": "https://security.gentoo.org/glsa/201701-46",
                  "refsource": "MISC",
                  "url": "https://security.gentoo.org/glsa/201701-46"
                },
                {
                  "name": "http://rhn.redhat.com/errata/RHSA-2016-2779.html",
                  "refsource": "MISC",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html",
                  "refsource": "MISC",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-3163-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-3163-1"
                },
                {
                  "name": "https://bto.bluecoat.com/security-advisory/sa137",
                  "refsource": "MISC",
                  "url": "https://bto.bluecoat.com/security-advisory/sa137"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1306103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-5285",
        "datePublished": "2019-11-15T15:44:05.000Z",
        "dateReserved": "2016-06-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:53:48.923Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2943 (GCVE-0-2010-2943)

    Vulnerability from cvelistv5 – Published: 2010-09-30 14:00 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list x_refsource_MLIST
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/42527 vdb-entry x_refsource_BID
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=624923 x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/520102/100… mailing-list x_refsource_BUGTRAQ
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list x_refsource_MLIST
    http://secunia.com/advisories/46397 third-party-advisory x_refsource_SECUNIA
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2010/08/18/2 mailing-list x_refsource_MLIST
    http://article.gmane.org/gmane.comp.file-systems.… mailing-list x_refsource_MLIST
    http://oss.sgi.com/archives/xfs/2010-06/msg00191.html mailing-list x_refsource_MLIST
    http://www.ubuntu.com/usn/USN-1041-1 vendor-advisory x_refsource_UBUNTU
    http://www.kernel.org/pub/linux/kernel/v2.6/Chang… x_refsource_CONFIRM
    http://oss.sgi.com/archives/xfs/2010-06/msg00198.html mailing-list x_refsource_MLIST
    http://www.vupen.com/english/advisories/2011/0280 vdb-entry x_refsource_VUPEN
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://secunia.com/advisories/42758 third-party-advisory x_refsource_SECUNIA
    http://support.avaya.com/css/P8/documents/100113326 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1057-1 vendor-advisory x_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2010/08/19/5 mailing-list x_refsource_MLIST
    http://www.vupen.com/english/advisories/2011/0070 vdb-entry x_refsource_VUPEN
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://secunia.com/advisories/43161 third-party-advisory x_refsource_SECUNIA
    Date Public
    2010-06-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:45.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d"
              },
              {
                "name": "42527",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42527"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa"
              },
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624923"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "name": "[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769"
              },
              {
                "name": "[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/18/2"
              },
              {
                "name": "[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767"
              },
              {
                "name": "[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00191.html"
              },
              {
                "name": "USN-1041-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1041-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
              },
              {
                "name": "[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00198.html"
              },
              {
                "name": "ADV-2011-0280",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0280"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "name": "42758",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42758"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "USN-1057-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1057-1"
              },
              {
                "name": "[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/19/5"
              },
              {
                "name": "ADV-2011-0070",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0070"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188"
              },
              {
                "name": "43161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43161"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d"
            },
            {
              "name": "42527",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42527"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa"
            },
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624923"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769"
            },
            {
              "name": "[oss-security] 20100818 CVE request - kernel: xfs: stale data exposure",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/18/2"
            },
            {
              "name": "[linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767"
            },
            {
              "name": "[xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00191.html"
            },
            {
              "name": "USN-1041-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1041-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
            },
            {
              "name": "[xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://oss.sgi.com/archives/xfs/2010-06/msg00198.html"
            },
            {
              "name": "ADV-2011-0280",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0280"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "name": "42758",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42758"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "USN-1057-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1057-1"
            },
            {
              "name": "[oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/19/5"
            },
            {
              "name": "ADV-2011-0070",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0070"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188"
            },
            {
              "name": "43161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43161"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2943",
        "datePublished": "2010-09-30T14:00:00.000Z",
        "dateReserved": "2010-08-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:45.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2942 (GCVE-0-2010-2942)

    Vulnerability from cvelistv5 – Published: 2010-09-21 17:00 – Updated: 2024-08-07 02:55
    Summary
    The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=624903 x_refsource_CONFIRM
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-1000-1 vendor-advisory, x_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.securityfocus.com/archive/1/520102/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/46397 third-party-advisory, x_refsource_SECUNIA
    http://git.kernel.org/?p=linux/kernel/git/davem/n… x_refsource_CONFIRM
    http://www.kernel.org/pub/linux/kernel/v2.6/testi… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.vupen.com/english/advisories/2010/2430 vdb-entry, x_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.vupen.com/english/advisories/2011/0298 vdb-entry, x_refsource_VUPEN
    http://patchwork.ozlabs.org/patch/61857/ x_refsource_CONFIRM
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://support.avaya.com/css/P8/documents/100113326 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2010/08/18/1 mailing-list, x_refsource_MLIST
    http://www.securityfocus.com/bid/42529 vdb-entry, x_refsource_BID
    http://www.openwall.com/lists/oss-security/2010/08/19/4 mailing-list, x_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/41512 third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    Date Public
    2010-08-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:45.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"
              },
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "name": "USN-1000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1000-1"
              },
              {
                "name": "SUSE-SA:2010:041",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
              },
              {
                "name": "RHSA-2010:0771",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"
              },
              {
                "name": "SUSE-SA:2010:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
              },
              {
                "name": "ADV-2010-2430",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2430"
              },
              {
                "name": "SUSE-SA:2011:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
              },
              {
                "name": "SUSE-SA:2010:060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
              },
              {
                "name": "ADV-2011-0298",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0298"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://patchwork.ozlabs.org/patch/61857/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "[oss-security] 20100818 CVE request - kernel: net sched memleak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"
              },
              {
                "name": "42529",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42529"
              },
              {
                "name": "[oss-security] 20100819 Re: CVE request - kernel: net sched memleak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"
              },
              {
                "name": "SUSE-SA:2010:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
              },
              {
                "name": "41512",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41512"
              },
              {
                "name": "RHSA-2010:0779",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624903"
            },
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "name": "USN-1000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1000-1"
            },
            {
              "name": "SUSE-SA:2010:041",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
            },
            {
              "name": "RHSA-2010:0771",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2"
            },
            {
              "name": "SUSE-SA:2010:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
            },
            {
              "name": "ADV-2010-2430",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2430"
            },
            {
              "name": "SUSE-SA:2011:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
            },
            {
              "name": "SUSE-SA:2010:060",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
            },
            {
              "name": "ADV-2011-0298",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0298"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://patchwork.ozlabs.org/patch/61857/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "[oss-security] 20100818 CVE request - kernel: net sched memleak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/18/1"
            },
            {
              "name": "42529",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42529"
            },
            {
              "name": "[oss-security] 20100819 Re: CVE request - kernel: net sched memleak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/19/4"
            },
            {
              "name": "SUSE-SA:2010:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
            },
            {
              "name": "41512",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41512"
            },
            {
              "name": "RHSA-2010:0779",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2942",
        "datePublished": "2010-09-21T17:00:00.000Z",
        "dateReserved": "2010-08-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:45.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2798 (GCVE-0-2010-2798)

    Vulnerability from cvelistv5 – Published: 2010-09-08 19:00 – Updated: 2024-08-07 02:46
    VLAI
    Summary
    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.openwall.com/lists/oss-security/2010/0… mailing-list, x_refsource_MLIST
    http://www.redhat.com/support/errata/RHSA-2010-07… vendor-advisory, x_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-1000-1 vendor-advisory, x_refsource_UBUNTU
    http://www.securityfocus.com/archive/1/520102/100… mailing-list, x_refsource_BUGTRAQ
    http://secunia.com/advisories/46397 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/42124 vdb-entry, x_refsource_BID
    http://www.mandriva.com/security/advisories?name=… vendor-advisory, x_refsource_MANDRIVA
    http://www.redhat.com/support/errata/RHSA-2010-06… vendor-advisory, x_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2010-06… vendor-advisory, x_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.kernel.org/pub/linux/kernel/v2.6/Chang… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=620300 x_refsource_CONFIRM
    http://securitytracker.com/id?1024386 vdb-entry, x_refsource_SECTRACK
    http://www.openwall.com/lists/oss-security/2010/08/02/1 mailing-list, x_refsource_MLIST
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://git.kernel.org/?p=linux/kernel/git/torvald… x_refsource_CONFIRM
    http://support.avaya.com/css/P8/documents/100113326 x_refsource_CONFIRM
    http://www.debian.org/security/2010/dsa-2094 vendor-advisory, x_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    Date Public
    2010-08-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:46:48.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20100802 Re: CVE request: kernel: gfs2: rename cases kernel panic",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/02/10"
              },
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "name": "USN-1000-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1000-1"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "name": "42124",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42124"
              },
              {
                "name": "MDVSA-2010:198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
              },
              {
                "name": "RHSA-2010:0670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html"
              },
              {
                "name": "RHSA-2010:0660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html"
              },
              {
                "name": "SUSE-SA:2010:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620300"
              },
              {
                "name": "1024386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1024386"
              },
              {
                "name": "[oss-security] 20100802 CVE request: kernel: gfs2: rename cases kernel panic",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/08/02/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "DSA-2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-2094"
              },
              {
                "name": "SUSE-SA:2010:054",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[oss-security] 20100802 Re: CVE request: kernel: gfs2: rename cases kernel panic",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/02/10"
            },
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "name": "USN-1000-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1000-1"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "42124",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42124"
            },
            {
              "name": "MDVSA-2010:198",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "RHSA-2010:0670",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0670.html"
            },
            {
              "name": "RHSA-2010:0660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0660.html"
            },
            {
              "name": "SUSE-SA:2010:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620300"
            },
            {
              "name": "1024386",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1024386"
            },
            {
              "name": "[oss-security] 20100802 CVE request: kernel: gfs2: rename cases kernel panic",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/02/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "DSA-2094",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-2094"
            },
            {
              "name": "SUSE-SA:2010:054",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2798",
        "datePublished": "2010-09-08T19:00:00.000Z",
        "dateReserved": "2010-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:46:48.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2492 (GCVE-0-2010-2492)

    Vulnerability from cvelistv5 – Published: 2010-09-08 19:00 – Updated: 2024-08-07 02:32
    VLAI
    Summary
    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-08-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:16.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2010:0723",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
              },
              {
                "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
              },
              {
                "name": "46397",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46397"
              },
              {
                "name": "MDVSA-2010:198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
              },
              {
                "name": "RHSA-2011:0007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611385"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100113326"
              },
              {
                "name": "42890",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42890"
              },
              {
                "name": "MDVSA-2010:172",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2010:0723",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0723.html"
            },
            {
              "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
            },
            {
              "name": "46397",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46397"
            },
            {
              "name": "MDVSA-2010:198",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
            },
            {
              "name": "RHSA-2011:0007",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611385"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a6f80fb7b5986fda663d94079d3bba0937a6b6ff"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100113326"
            },
            {
              "name": "42890",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42890"
            },
            {
              "name": "MDVSA-2010:172",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:172"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-2492",
        "datePublished": "2010-09-08T19:00:00.000Z",
        "dateReserved": "2010-06-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:16.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3939 (GCVE-0-2009-3939)

    Vulnerability from cvelistv5 – Published: 2009-11-16 19:00 – Updated: 2024-08-07 06:45
    VLAI
    Summary
    The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/38276 third-party-advisory, x_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.ubuntu.com/usn/usn-864-1 vendor-advisory, x_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=526068 x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/38779 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/37019 vdb-entry, x_refsource_BID
    http://support.avaya.com/css/P8/documents/100073666 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/37909 third-party-advisory, x_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://www.debian.org/security/2010/dsa-1996 vendor-advisory, x_refsource_DEBIAN
    http://www.openwall.com/lists/oss-security/2009/11/13/1 mailing-list, x_refsource_MLIST
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2010-0095.html vendor-advisory, x_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://osvdb.org/60201 vdb-entry, x_refsource_OSVDB
    https://rhn.redhat.com/errata/RHSA-2010-0046.html vendor-advisory, x_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entry, signature, x_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
    http://secunia.com/advisories/38017 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/38492 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2009-11-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38276",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38276"
              },
              {
                "name": "SUSE-SA:2009:061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
              },
              {
                "name": "USN-864-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-864-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
              },
              {
                "name": "SUSE-SA:2010:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
              },
              {
                "name": "38779",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38779"
              },
              {
                "name": "37019",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37019"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/css/P8/documents/100073666"
              },
              {
                "name": "SUSE-SA:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
              },
              {
                "name": "37909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37909"
              },
              {
                "name": "SUSE-SA:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
              },
              {
                "name": "SUSE-SA:2009:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
              },
              {
                "name": "DSA-1996",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1996"
              },
              {
                "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
              },
              {
                "name": "oval:org.mitre.oval:def:10310",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
              },
              {
                "name": "RHSA-2010:0095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
              },
              {
                "name": "SUSE-SA:2010:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
              },
              {
                "name": "60201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/60201"
              },
              {
                "name": "RHSA-2010:0046",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
              },
              {
                "name": "oval:org.mitre.oval:def:7540",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
              },
              {
                "name": "SUSE-SA:2010:010",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
              },
              {
                "name": "38017",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38017"
              },
              {
                "name": "38492",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38492"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38276",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38276"
            },
            {
              "name": "SUSE-SA:2009:061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
            },
            {
              "name": "USN-864-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-864-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
            },
            {
              "name": "SUSE-SA:2010:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
            },
            {
              "name": "38779",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38779"
            },
            {
              "name": "37019",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37019"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/css/P8/documents/100073666"
            },
            {
              "name": "SUSE-SA:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
            },
            {
              "name": "37909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37909"
            },
            {
              "name": "SUSE-SA:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
            },
            {
              "name": "DSA-1996",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1996"
            },
            {
              "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
            },
            {
              "name": "oval:org.mitre.oval:def:10310",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
            },
            {
              "name": "RHSA-2010:0095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "SUSE-SA:2010:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
            },
            {
              "name": "60201",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/60201"
            },
            {
              "name": "RHSA-2010:0046",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
            },
            {
              "name": "oval:org.mitre.oval:def:7540",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
            },
            {
              "name": "SUSE-SA:2010:010",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
            },
            {
              "name": "38017",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38017"
            },
            {
              "name": "38492",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38492"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38276",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38276"
                },
                {
                  "name": "SUSE-SA:2009:061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
                },
                {
                  "name": "USN-864-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-864-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=526068",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=526068"
                },
                {
                  "name": "SUSE-SA:2010:001",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
                },
                {
                  "name": "38779",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38779"
                },
                {
                  "name": "37019",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37019"
                },
                {
                  "name": "http://support.avaya.com/css/P8/documents/100073666",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/css/P8/documents/100073666"
                },
                {
                  "name": "SUSE-SA:2010:012",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
                },
                {
                  "name": "37909",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37909"
                },
                {
                  "name": "SUSE-SA:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
                },
                {
                  "name": "SUSE-SA:2009:064",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
                },
                {
                  "name": "DSA-1996",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1996"
                },
                {
                  "name": "[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/11/13/1"
                },
                {
                  "name": "oval:org.mitre.oval:def:10310",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310"
                },
                {
                  "name": "RHSA-2010:0095",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
                },
                {
                  "name": "SUSE-SA:2010:005",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
                },
                {
                  "name": "60201",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/60201"
                },
                {
                  "name": "RHSA-2010:0046",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2010-0046.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:7540",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540"
                },
                {
                  "name": "SUSE-SA:2010:010",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html"
                },
                {
                  "name": "38017",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38017"
                },
                {
                  "name": "38492",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38492"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3939",
        "datePublished": "2009-11-16T19:00:00.000Z",
        "dateReserved": "2009-11-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }