Search criteria
208 vulnerabilities found for linux_enterprise_workstation_extension by suse
CVE-2021-4034 (GCVE-0-2021-4034)
Vulnerability from nvd – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Severity ?
7.8 (High)
CWE
- CWE-787 - (CWE-787|CWE-125)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T18:05:54.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4034",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-12T10:21:57.857346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:48.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-27T00:00:00+00:00",
"value": "CVE-2021-4034 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "(CWE-787|CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T00:16:44.133Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4034",
"datePublished": "2022-01-28T00:00:00.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:48.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11038 (GCVE-0-2019-11038)
Vulnerability from nvd – Published: 2019-06-18 23:28 – Updated: 2024-09-16 21:04
VLAI?
Title
Uninitialized read in gdImageCreateFromXbm
Summary
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
Credits
By chamal dot desilva at gmail dot com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-be4f895015",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
},
{
"name": "FEDORA-2019-8c4b25b5ec",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
},
{
"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/issues/501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "openSUSE-SU-2020:0332",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4316-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.x \u003c 7.1.30"
},
{
"status": "affected",
"version": "7.2.x \u003c 7.2.19"
},
{
"status": "affected",
"version": "7.3.x \u003c 7.3.6"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."
}
],
"credits": [
{
"lang": "en",
"value": "By chamal dot desilva at gmail dot com"
}
],
"datePublic": "2019-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T01:06:06",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"name": "FEDORA-2019-be4f895015",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
},
{
"name": "FEDORA-2019-8c4b25b5ec",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
},
{
"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=77973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgd/libgd/issues/501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "openSUSE-SU-2020:0332",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4316-1/"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77973"
],
"discovery": "EXTERNAL"
},
"title": "Uninitialized read in gdImageCreateFromXbm",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
"ID": "CVE-2019-11038",
"STATE": "PUBLIC",
"TITLE": "Uninitialized read in gdImageCreateFromXbm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.x \u003c 7.1.30"
},
{
"version_value": "7.2.x \u003c 7.2.19"
},
{
"version_value": "7.3.x \u003c 7.3.6"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."
}
],
"credit": [
{
"lang": "eng",
"value": "By chamal dot desilva at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-be4f895015",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
},
{
"name": "FEDORA-2019-8c4b25b5ec",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
},
{
"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
},
{
"name": "https://bugs.php.net/bug.php?id=77973",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=77973"
},
{
"name": "https://github.com/libgd/libgd/issues/501",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/501"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140118",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140120",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "openSUSE-SU-2020:0332",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4316-1/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=77973"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11038",
"datePublished": "2019-06-18T23:28:28.236592Z",
"dateReserved": "2019-04-09T00:00:00",
"dateUpdated": "2024-09-16T21:04:15.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18017 (GCVE-0-2017-18017)
Vulnerability from nvd – Published: 2018-01-03 06:00 – Updated: 2025-01-03 12:04
VLAI?
Summary
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-03T12:04:18.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://patchwork.ozlabs.org/patch/746618/"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lkml.org/lkml/2017/4/2/13"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "102367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102367"
},
{
"name": "SUSE-SU-2018:0834",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"name": "SUSE-SU-2018:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
},
{
"name": "SUSE-SU-2018:0383",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3583-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18352029"
},
{
"name": "SUSE-SU-2018:0555",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
},
{
"name": "openSUSE-SU-2018:0408",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
},
{
"name": "SUSE-SU-2018:0986",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
},
{
"name": "SUSE-SU-2018:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
},
{
"name": "SUSE-SU-2018:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
},
{
"name": "SUSE-SU-2018:0841",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3583-2"
},
{
"name": "SUSE-SU-2018:0660",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T11:33:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://patchwork.ozlabs.org/patch/746618/"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lkml.org/lkml/2017/4/2/13"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "102367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102367"
},
{
"name": "SUSE-SU-2018:0834",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"name": "SUSE-SU-2018:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
},
{
"name": "SUSE-SU-2018:0383",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3583-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18352029"
},
{
"name": "SUSE-SU-2018:0555",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
},
{
"name": "openSUSE-SU-2018:0408",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
},
{
"name": "SUSE-SU-2018:0986",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
},
{
"name": "SUSE-SU-2018:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
},
{
"name": "SUSE-SU-2018:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
},
{
"name": "SUSE-SU-2018:0841",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3583-2"
},
{
"name": "SUSE-SU-2018:0660",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "http://patchwork.ozlabs.org/patch/746618/",
"refsource": "MISC",
"url": "http://patchwork.ozlabs.org/patch/746618/"
},
{
"name": "RHSA-2018:1737",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
},
{
"name": "https://lkml.org/lkml/2017/4/2/13",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2017/4/2/13"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1319",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
},
{
"name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1170",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "102367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102367"
},
{
"name": "SUSE-SU-2018:0834",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"name": "SUSE-SU-2018:0848",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
},
{
"name": "SUSE-SU-2018:0383",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3583-1"
},
{
"name": "https://support.f5.com/csp/article/K18352029",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18352029"
},
{
"name": "SUSE-SU-2018:0555",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
},
{
"name": "openSUSE-SU-2018:0408",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
},
{
"name": "SUSE-SU-2018:0986",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
},
{
"name": "SUSE-SU-2018:0416",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
},
{
"name": "SUSE-SU-2018:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
},
{
"name": "SUSE-SU-2018:0841",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3583-2"
},
{
"name": "SUSE-SU-2018:0660",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18017",
"datePublished": "2018-01-03T06:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2025-01-03T12:04:18.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9959 (GCVE-0-2016-9959)
Vulnerability from nvd – Published: 2017-04-12 20:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9959",
"datePublished": "2017-04-12T20:00:00",
"dateReserved": "2016-12-15T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9958 (GCVE-0-2016-9958)
Vulnerability from nvd – Published: 2017-04-12 20:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9958",
"datePublished": "2017-04-12T20:00:00",
"dateReserved": "2016-12-15T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9957 (GCVE-0-2016-9957)
Vulnerability from nvd – Published: 2017-04-12 20:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
Stack-based buffer overflow in game-music-emu before 0.6.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in game-music-emu before 0.6.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in game-music-emu before 0.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9957",
"datePublished": "2017-04-12T20:00:00",
"dateReserved": "2016-12-15T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9853 (GCVE-0-2014-9853)
Vulnerability from nvd – Published: 2017-03-17 14:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:2073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9853",
"datePublished": "2017-03-17T14:00:00",
"dateReserved": "2016-06-02T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9852 (GCVE-0-2014-9852)
Vulnerability from nvd – Published: 2017-03-17 14:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9852",
"datePublished": "2017-03-17T14:00:00",
"dateReserved": "2016-06-02T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5244 (GCVE-0-2016-5244)
Vulnerability from nvd – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:53
VLAI?
Summary
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3070-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "[oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/5"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/patch/629110/"
},
{
"name": "USN-3070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "1041895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "91021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91021"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "USN-3070-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337"
},
{
"name": "USN-3071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3071-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "USN-3070-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3072-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3072-2"
},
{
"name": "USN-3072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3072-1"
},
{
"name": "USN-3071-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3071-2"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3070-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "[oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/5"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.ozlabs.org/patch/629110/"
},
{
"name": "USN-3070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "1041895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "91021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91021"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "USN-3070-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337"
},
{
"name": "USN-3071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3071-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "USN-3070-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3072-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3072-2"
},
{
"name": "USN-3072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3072-1"
},
{
"name": "USN-3071-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3071-2"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3070-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "[oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/5"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "https://patchwork.ozlabs.org/patch/629110/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/629110/"
},
{
"name": "USN-3070-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "1041895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "91021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91021"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "USN-3070-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337"
},
{
"name": "USN-3071-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3071-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "USN-3070-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3072-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3072-2"
},
{
"name": "USN-3072-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3072-1"
},
{
"name": "USN-3071-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3071-2"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5244",
"datePublished": "2016-06-27T10:00:00",
"dateReserved": "2016-06-03T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4171 (GCVE-0-2016-4171)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2025-11-17 19:40
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201606-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201606-08"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-03.html"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "VU#748992",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/748992"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "1036094",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036094"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "91184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-4171",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T19:40:33.746552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4171"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T19:40:40.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4171"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/cisagov/vulnrichment/issues/196"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-09T15:57:01.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201606-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201606-08"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-03.html"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "VU#748992",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/748992"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "1036094",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036094"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "91184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201606-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-08"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsa16-03.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa16-03.html"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "VU#748992",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/748992"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "1036094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036094"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "91184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91184"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4171",
"datePublished": "2016-06-16T14:00:00.000Z",
"dateReserved": "2016-04-27T00:00:00.000Z",
"dateUpdated": "2025-11-17T19:40:40.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-4156 (GCVE-0-2016-4156)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4156",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4155 (GCVE-0-2016-4155)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4155",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4154 (GCVE-0-2016-4154)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4154",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4153 (GCVE-0-2016-4153)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4153",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4152 (GCVE-0-2016-4152)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4152",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4151 (GCVE-0-2016-4151)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4151",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4150 (GCVE-0-2016-4150)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4150",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4149 (GCVE-0-2016-4149)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4149",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4148 (GCVE-0-2016-4148)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4148",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4147 (GCVE-0-2016-4147)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4147",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4146 (GCVE-0-2016-4146)
Vulnerability from nvd – Published: 2016-06-16 14:00 – Updated: 2024-08-06 00:17
VLAI?
Summary
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "1036117",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-4146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036117"
},
{
"name": "MS16-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083"
},
{
"name": "openSUSE-SU-2016:1625",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html"
},
{
"name": "RHSA-2016:1238",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1238"
},
{
"name": "openSUSE-SU-2016:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html"
},
{
"name": "SUSE-SU-2016:1613",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-18.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2016-4146",
"datePublished": "2016-06-16T14:00:00",
"dateReserved": "2016-04-27T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4034 (GCVE-0-2021-4034)
Vulnerability from cvelistv5 – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Severity ?
7.8 (High)
CWE
- CWE-787 - (CWE-787|CWE-125)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T18:05:54.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4034",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-12T10:21:57.857346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:48.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-27T00:00:00+00:00",
"value": "CVE-2021-4034 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "(CWE-787|CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T00:16:44.133Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4034",
"datePublished": "2022-01-28T00:00:00.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:48.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11038 (GCVE-0-2019-11038)
Vulnerability from cvelistv5 – Published: 2019-06-18 23:28 – Updated: 2024-09-16 21:04
VLAI?
Title
Uninitialized read in gdImageCreateFromXbm
Summary
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.
Severity ?
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
Credits
By chamal dot desilva at gmail dot com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-be4f895015",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
},
{
"name": "FEDORA-2019-8c4b25b5ec",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
},
{
"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=77973"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgd/libgd/issues/501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "openSUSE-SU-2020:0332",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4316-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"status": "affected",
"version": "7.1.x \u003c 7.1.30"
},
{
"status": "affected",
"version": "7.2.x \u003c 7.2.19"
},
{
"status": "affected",
"version": "7.3.x \u003c 7.3.6"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."
}
],
"credits": [
{
"lang": "en",
"value": "By chamal dot desilva at gmail dot com"
}
],
"datePublic": "2019-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457: Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T01:06:06",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"name": "FEDORA-2019-be4f895015",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
},
{
"name": "FEDORA-2019-8c4b25b5ec",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
},
{
"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=77973"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgd/libgd/issues/501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
},
{
"name": "RHSA-2019:2519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "openSUSE-SU-2020:0332",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4316-1/"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77973"
],
"discovery": "EXTERNAL"
},
"title": "Uninitialized read in gdImageCreateFromXbm",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2019-05-28T06:49:00.000Z",
"ID": "CVE-2019-11038",
"STATE": "PUBLIC",
"TITLE": "Uninitialized read in gdImageCreateFromXbm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_value": "7.1.x \u003c 7.1.30"
},
{
"version_value": "7.2.x \u003c 7.2.19"
},
{
"version_value": "7.3.x \u003c 7.3.6"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable."
}
],
"credit": [
{
"lang": "eng",
"value": "By chamal dot desilva at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-457: Use of Uninitialized Variable"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2019-be4f895015",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/"
},
{
"name": "FEDORA-2019-8c4b25b5ec",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/"
},
{
"name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html"
},
{
"name": "https://bugs.php.net/bug.php?id=77973",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=77973"
},
{
"name": "https://github.com/libgd/libgd/issues/501",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/501"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140118",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140118"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1140120",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140120"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724432"
},
{
"name": "RHSA-2019:2519",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"name": "DSA-4529",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4529"
},
{
"name": "20190923 [SECURITY] [DSA 4529-1] php7.0 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/38"
},
{
"name": "RHSA-2019:3299",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"name": "openSUSE-SU-2020:0332",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html"
},
{
"name": "FEDORA-2020-e795f92d79",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/"
},
{
"name": "USN-4316-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4316-2/"
},
{
"name": "USN-4316-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4316-1/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://bugs.php.net/bug.php?id=77973"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2019-11038",
"datePublished": "2019-06-18T23:28:28.236592Z",
"dateReserved": "2019-04-09T00:00:00",
"dateUpdated": "2024-09-16T21:04:15.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18017 (GCVE-0-2017-18017)
Vulnerability from cvelistv5 – Published: 2018-01-03 06:00 – Updated: 2025-01-03 12:04
VLAI?
Summary
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-03T12:04:18.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://patchwork.ozlabs.org/patch/746618/"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lkml.org/lkml/2017/4/2/13"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "102367",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102367"
},
{
"name": "SUSE-SU-2018:0834",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"name": "SUSE-SU-2018:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
},
{
"name": "SUSE-SU-2018:0383",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3583-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18352029"
},
{
"name": "SUSE-SU-2018:0555",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
},
{
"name": "openSUSE-SU-2018:0408",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
},
{
"name": "SUSE-SU-2018:0986",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
},
{
"name": "SUSE-SU-2018:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
},
{
"name": "SUSE-SU-2018:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
},
{
"name": "SUSE-SU-2018:0841",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3583-2"
},
{
"name": "SUSE-SU-2018:0660",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T11:33:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://patchwork.ozlabs.org/patch/746618/"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lkml.org/lkml/2017/4/2/13"
},
{
"name": "RHSA-2018:1062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1319",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "102367",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102367"
},
{
"name": "SUSE-SU-2018:0834",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"name": "SUSE-SU-2018:0848",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
},
{
"name": "SUSE-SU-2018:0383",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3583-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18352029"
},
{
"name": "SUSE-SU-2018:0555",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
},
{
"name": "openSUSE-SU-2018:0408",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
},
{
"name": "SUSE-SU-2018:0986",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
},
{
"name": "SUSE-SU-2018:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
},
{
"name": "SUSE-SU-2018:0482",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
},
{
"name": "SUSE-SU-2018:0841",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3583-2"
},
{
"name": "SUSE-SU-2018:0660",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "http://patchwork.ozlabs.org/patch/746618/",
"refsource": "MISC",
"url": "http://patchwork.ozlabs.org/patch/746618/"
},
{
"name": "RHSA-2018:1737",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36",
"refsource": "MISC",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"
},
{
"name": "https://lkml.org/lkml/2017/4/2/13",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2017/4/2/13"
},
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:1319",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765"
},
{
"name": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1170",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1170"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901"
},
{
"name": "RHSA-2018:1130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1130"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "102367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102367"
},
{
"name": "SUSE-SU-2018:0834",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html"
},
{
"name": "SUSE-SU-2018:0848",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html"
},
{
"name": "SUSE-SU-2018:0383",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3583-1"
},
{
"name": "https://support.f5.com/csp/article/K18352029",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18352029"
},
{
"name": "SUSE-SU-2018:0555",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html"
},
{
"name": "openSUSE-SU-2018:0408",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html"
},
{
"name": "SUSE-SU-2018:0986",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html"
},
{
"name": "SUSE-SU-2018:0416",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html"
},
{
"name": "SUSE-SU-2018:0482",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html"
},
{
"name": "SUSE-SU-2018:0841",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3583-2"
},
{
"name": "SUSE-SU-2018:0660",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18017",
"datePublished": "2018-01-03T06:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2025-01-03T12:04:18.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9959 (GCVE-0-2016-9959)
Vulnerability from cvelistv5 – Published: 2017-04-12 20:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9959",
"datePublished": "2017-04-12T20:00:00",
"dateReserved": "2016-12-15T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9958 (GCVE-0-2016-9958)
Vulnerability from cvelistv5 – Published: 2017-04-12 20:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9958",
"datePublished": "2017-04-12T20:00:00",
"dateReserved": "2016-12-15T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9957 (GCVE-0-2016-9957)
Vulnerability from cvelistv5 – Published: 2017-04-12 20:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
Stack-based buffer overflow in game-music-emu before 0.6.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in game-music-emu before 0.6.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "SUSE-SA:2016:3250",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in game-music-emu before 0.6.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9957",
"datePublished": "2017-04-12T20:00:00",
"dateReserved": "2016-12-15T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9853 (GCVE-0-2014-9853)
Vulnerability from cvelistv5 – Published: 2017-03-17 14:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:2073",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "openSUSE-SU-2016:3060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name": "SUSE-SU-2016:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343513"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9853",
"datePublished": "2017-03-17T14:00:00",
"dateReserved": "2016-06-02T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9852 (GCVE-0-2014-9852)
Vulnerability from cvelistv5 – Published: 2017-03-17 14:00 – Updated: 2024-08-06 13:55
VLAI?
Summary
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:1833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343512"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=37ec7d53dcb99fbd1f5c33442594d5e279630563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9852",
"datePublished": "2017-03-17T14:00:00",
"dateReserved": "2016-06-02T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5244 (GCVE-0-2016-5244)
Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:53
VLAI?
Summary
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3070-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "[oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/5"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/patch/629110/"
},
{
"name": "USN-3070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "1041895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "91021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91021"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "USN-3070-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337"
},
{
"name": "USN-3071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3071-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "USN-3070-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3072-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3072-2"
},
{
"name": "USN-3072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3072-1"
},
{
"name": "USN-3071-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3071-2"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3070-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "[oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/5"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.ozlabs.org/patch/629110/"
},
{
"name": "USN-3070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "1041895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "91021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91021"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "USN-3070-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337"
},
{
"name": "USN-3071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3071-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "USN-3070-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3072-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3072-2"
},
{
"name": "USN-3072-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3072-1"
},
{
"name": "USN-3071-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3071-2"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-3070-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-1"
},
{
"name": "[oss-security] 20160603 Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/03/5"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "https://patchwork.ozlabs.org/patch/629110/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/629110/"
},
{
"name": "USN-3070-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-3"
},
{
"name": "1041895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "91021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91021"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb"
},
{
"name": "USN-3070-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-2"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343337"
},
{
"name": "USN-3071-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3071-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "USN-3070-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3070-4"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3072-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3072-2"
},
{
"name": "USN-3072-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3072-1"
},
{
"name": "USN-3071-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3071-2"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5244",
"datePublished": "2016-06-27T10:00:00",
"dateReserved": "2016-06-03T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}