Search criteria
11 vulnerabilities found for openSUSE Factory by SUSE
VAR-201403-0508
Vulnerability from variot - Updated: 2025-12-22 23:04The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. The Linux kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. The NFSv4 implementation is one of the distributed file system protocols. The vulnerability stems from the fact that the program does not verify the auth_enable and auth_capable fields before calling sctp_sf_authenticate. 6.2) - x86_64
-
(CVE-2014-0101, Important)
-
A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY.
This update also fixes the following bug:
- Prior to this update, a guest-provided value was used as the head length of the socket buffer allocated on the host. If the host was under heavy memory load and the guest-provided value was too large, the allocation could have failed, resulting in stalls and packet drops in the guest's Tx path. With this update, the guest-provided value has been limited to a reasonable size so that socket buffer allocations on the host succeed regardless of the memory load on the host, and guests can send packets without experiencing packet drops or stalls.
The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - noarch, x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64
-
A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection.
This update also fixes the following bug:
- Due to an incorrect call of the weak-modules script in the kernel spec file, the weak-modules directory was removed from the system when removing or upgrading certain kernel packages related to weak-modules, such as kernel-debug. With this update, the weak-modules call in the kernel spec file has been corrected, and the script now preserves the weak-modules directory on the system in this scenario. (BZ#1076599)
All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.
- Package List:
Red Hat Enterprise Linux Compute Node EUS (v. 6.3):
Source: kernel-2.6.32-279.43.1.el6.src.rpm
noarch: kernel-doc-2.6.32-279.43.1.el6.noarch.rpm kernel-firmware-2.6.32-279.43.1.el6.noarch.rpm
x86_64: kernel-2.6.32-279.43.1.el6.x86_64.rpm kernel-debug-2.6.32-279.43.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm kernel-devel-2.6.32-279.43.1.el6.x86_64.rpm kernel-headers-2.6.32-279.43.1.el6.x86_64.rpm perf-2.6.32-279.43.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3):
Source: kernel-2.6.32-279.43.1.el6.src.rpm
x86_64: kernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm python-perf-2.6.32-279.43.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.3):
Source: kernel-2.6.32-279.43.1.el6.src.rpm
i386: kernel-2.6.32-279.43.1.el6.i686.rpm kernel-debug-2.6.32-279.43.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-279.43.1.el6.i686.rpm kernel-debug-devel-2.6.32-279.43.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.43.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.43.1.el6.i686.rpm kernel-devel-2.6.32-279.43.1.el6.i686.rpm kernel-headers-2.6.32-279.43.1.el6.i686.rpm perf-2.6.32-279.43.1.el6.i686.rpm perf-debuginfo-2.6.32-279.43.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.i686.rpm
noarch: kernel-doc-2.6.32-279.43.1.el6.noarch.rpm kernel-firmware-2.6.32-279.43.1.el6.noarch.rpm
ppc64: kernel-2.6.32-279.43.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-279.43.1.el6.ppc64.rpm kernel-debug-2.6.32-279.43.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-279.43.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.43.1.el6.ppc64.rpm kernel-devel-2.6.32-279.43.1.el6.ppc64.rpm kernel-headers-2.6.32-279.43.1.el6.ppc64.rpm perf-2.6.32-279.43.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm
s390x: kernel-2.6.32-279.43.1.el6.s390x.rpm kernel-debug-2.6.32-279.43.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-279.43.1.el6.s390x.rpm kernel-debug-devel-2.6.32-279.43.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.43.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.43.1.el6.s390x.rpm kernel-devel-2.6.32-279.43.1.el6.s390x.rpm kernel-headers-2.6.32-279.43.1.el6.s390x.rpm kernel-kdump-2.6.32-279.43.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.43.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-279.43.1.el6.s390x.rpm perf-2.6.32-279.43.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm
x86_64: kernel-2.6.32-279.43.1.el6.x86_64.rpm kernel-debug-2.6.32-279.43.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm kernel-devel-2.6.32-279.43.1.el6.x86_64.rpm kernel-headers-2.6.32-279.43.1.el6.x86_64.rpm perf-2.6.32-279.43.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.3):
Source: kernel-2.6.32-279.43.1.el6.src.rpm
i386: kernel-debug-debuginfo-2.6.32-279.43.1.el6.i686.rpm kernel-debuginfo-2.6.32-279.43.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-279.43.1.el6.i686.rpm perf-debuginfo-2.6.32-279.43.1.el6.i686.rpm python-perf-2.6.32-279.43.1.el6.i686.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.i686.rpm
ppc64: kernel-debug-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-279.43.1.el6.ppc64.rpm perf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm python-perf-2.6.32-279.43.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm
s390x: kernel-debug-debuginfo-2.6.32-279.43.1.el6.s390x.rpm kernel-debuginfo-2.6.32-279.43.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-279.43.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-279.43.1.el6.s390x.rpm perf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm python-perf-2.6.32-279.43.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm
x86_64: kernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm python-perf-2.6.32-279.43.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0101.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. (CVE-2014-2672)
Adhemerval Zanella Neto discovered a flaw the in the Transactional Memory (TM) implementation for powerpc based machine. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-2906-1 security@debian.org http://www.debian.org/security/ Dann Frazier April 24, 2014 http://www.debian.org/security/faq
Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4512 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381 CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264 CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039 CVE-2014-2523 CVE-2103-2929
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2013-0343
George Kargiotakis reported an issue in the temporary address handling
of the IPv6 privacy extensions. Users on the same LAN can cause a denial
of service or obtain access to sensitive information by sending router
advertisement messages that cause temporary address generation to be
disabled.
CVE-2013-2147
Dan Carpenter reported issues in the cpqarray driver for Compaq
Smart2 Controllers and the cciss driver for HP Smart Array controllers
allowing users to gain access to sensitive kernel memory.
CVE-2013-2889
Kees Cook discovered missing input sanitization in the HID driver for
Zeroplus game pads that could lead to a local denial of service.
CVE-2013-2893
Kees Cook discovered that missing input sanitization in the HID driver
for various Logitech force feedback devices could lead to a local denial
of service.
CVE-2013-2929
Vasily Kulikov discovered that a flaw in the get_dumpable() function of
the ptrace subsytsem could lead to information disclosure. Only systems
with the fs.suid_dumpable sysctl set to a non-default value of '2' are
vulnerable.
CVE-2013-4162
Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets
using the UDP_CORK option could result in denial of service.
CVE-2013-4299
Fujitsu reported an issue in the device-mapper subsystem. Local users
could gain access to sensitive kernel memory.
CVE-2013-4345
Stephan Mueller found in bug in the ANSI pseudo random number generator
which could lead to the use of less entropy than expected.
CVE-2013-4512
Nico Golde and Fabian Yamaguchi reported an issue in the user mode
linux port. A buffer overflow condition exists in the write method
for the /proc/exitcode file. Local users with sufficient privileges
allowing them to write to this file could gain further elevated
privileges.
CVE-2013-4587
Andrew Honig of Google reported an issue in the KVM virtualization
subsystem. A local user could gain elevated privileges by passing
a large vcpu_id parameter.
CVE-2013-6367
Andrew Honig of Google reported an issue in the KVM virtualization
subsystem. A divide-by-zero condition could allow a guest user to
cause a denial of service on the host (crash).
CVE-2013-6380
Mahesh Rajashekhara reported an issue in the aacraid driver for storage
products from various vendors. Local users with CAP_SYS_ADMIN privileges
could gain further elevated privileges.
CVE-2013-6381
Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet
device support for s390 systems. Local users could cause a denial of
service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL
ioctl.
CVE-2013-6382
Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.
Local users with CAP_SYS_ADMIN privileges could gain further elevated
privileges.
CVE-2013-6383
Dan Carpenter reported an issue in the aacraid driver for storage devices
from various vendors. A local user could gain elevated privileges due to
a missing privilege level check in the aac_compat_ioctl function.
CVE-2013-7263 CVE-2013-7264 CVE-2013-7265
mpb reported an information leak in the recvfrom, recvmmsg and recvmsg
system calls. A local user could obtain access to sensitive kernel memory.
CVE-2013-7339
Sasha Levin reported an issue in the RDS network protocol over Infiniband.
A local user could cause a denial of service condition.
CVE-2014-0101
Nokia Siemens Networks reported an issue in the SCTP network protocol
subsystem. Remote users could cause a denial of service (NULL pointer
dereference).
CVE-2014-1444
Salva Peiro reported an issue in the FarSync WAN driver. Local users
with the CAP_NET_ADMIN capability could gain access to sensitive kernel
memory.
CVE-2014-1445
Salva Peiro reported an issue in the wanXL serial card driver. Local
users could gain access to sensitive kernel memory.
CVE-2014-1446
Salva Peiro reported an issue in the YAM radio modem driver. Local users
with the CAP_NET_ADMIN capability could gain access to sensitive kernel
memory.
CVE-2014-1874
Matthew Thode reported an issue in the SELinux subsystem. A local user
with CAP_MAC_ADMIN privileges could cause a denial of service by setting
an empty security context on a file.
CVE-2014-2039
Martin Schwidefsky reported an issue on s390 systems. A local user
could cause a denial of service (kernel oops) by executing an application
with a linkage stack instruction.
CVE-2014-2523
Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp
module.
For the oldstable distribution (squeeze), this problem has been fixed in version 2.6.32-48squeeze5.
The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze5
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJTWaeAAAoJEBv4PF5U/IZAzFkP/2+YLfDXhZaBIoR1gugvac+F q3/PgKXURH35N2vOU3pTkmYgwZh6gOHCzLJ3/ae2qL2GDTw5ZLu2EYv+xiJLOk8a 9k5dki6j2k38EI7ktTn7BMVfOgoZTmlfYYVjdGmRU+2YEXu1ATr4zt0wN4azvThU 25sgo21rYcaMPvOwng922/RAFQPtDZmAODTXxfpkL6c/zzeMLOILqlAYRe9uMfu5 4X8G1/wglfSzx6b4yWZPvltWCgW+yi3OklrAalSsn8PnDf7yS8wWmxXsZ0pOEHHV 7bbUCMDYtUkqqTq9/Ak/ohGo3mJkPJnzSeg8ShemSEY40NTlIbSmfUTYepTovhCF A7A8TmYUhsAavD+DUxbQvYJjRKufzsymCg3yA0qp9JTKVRr5/IVkqpSeAx2Hpo7C Jqkf0Or4t9BYc5juJasgicb4ttyYlleGnlJ8+ojelxXLROkH8EnIv3CDP87WGnOt Dora/G+Al0AmRuk6TQuZofMtXK9dcBanN2+jr7HipE6dnH7vMo7xn979NdEaTkHs Yskm+FJJXFoTGS49/V2YlIhDU2zuCnXodGYsZl+RSI54XPMkKrrfKZ6zRIJ5r3vJ IFiqcMUlNJtEU4viwMjBkXlMvQZoN0e44ufK+/+VfQYPrj3puYoYLq1FOeF0JFaE 8D7zI3prwl5DKG9kWEaq =T6VL -----END PGP SIGNATURE----- .
Software Description: - linux-lts-quantal: Linux hardware enablement kernel from Quantal
Details:
Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. (CVE-2014-1738)
Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. (CVE-2014-1737)
A flaw was discovered in the Linux kernel's IPC reference counting. (CVE-2014-0055)
A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. (CVE-2014-0077)
A flaw was discovered in the Linux kernel's handling of the SCTP handshake. (CVE-2014-2309)
An error was discovered in the Linux kernel's DCCP protocol support. (CVE-2014-2523)
Max Sydorenko discovered a race condition in the Atheros 9k wireless driver in the Linux kernel. (CVE-2014-2672)
An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. (CVE-2014-2678)
Yaara Rozenblum discovered a race condition in the Linux kernel's Generic IEEE 802.11 Networking Stack (mac80211). (CVE-2014-2706)
A flaw was discovered in the Linux kernel's ping sockets. (CVE-2014-3122)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: linux-image-3.5.0-51-generic 3.5.0-51.76~precise1
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip enterprise manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.1.1"
},
{
"model": "big-ip enterprise manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.3"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-iq adc",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq security",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "4.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-ip protocol security module",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-iq cloud",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.12.15"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.13.7"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "big-iq device",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "4.2.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.4.84"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-iq centralized management",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "4.6.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "2.6.24"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "big-iq security",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-iq cloud",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "4.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "big-iq device",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-ip wan optimization manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.13"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.10.34"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip protocol security module",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.5.3"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.11"
},
{
"model": "big-ip enterprise manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.3.0"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip enterprise manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.1.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.2.56"
},
{
"model": "kernel",
"scope": "lte",
"trust": 0.8,
"vendor": "linux",
"version": "3.13.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.10.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.12.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.12.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "3.13.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.19.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.24.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25"
},
{
"model": "kernel rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.40"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.26"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.12"
},
{
"model": "kernel 2.6.33-rc7",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.28"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.43"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.28"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.52"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.45"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.3.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.31.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.34.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.4"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.38"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.37"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.39"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "linux enterprise server unsupported extras",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.50"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.14.6"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.9"
},
{
"model": "kernel rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.47"
},
{
"model": "kernel 2.6.36-rc8",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.46"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.38.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.29"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.24.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.19.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.22"
},
{
"model": "kernel 2.6.35-rc5",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.48"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.26.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.15.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.36"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.21.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.38"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.8"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.35.13"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11.2"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.29.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.0.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.25"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.24"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18.6"
},
{
"model": "kernel rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.26"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.33.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18.2"
},
{
"model": "kernel 2.6.36-rc6",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel 2.6.28-rc7",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.19.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.36"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.15.2"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.31.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.53"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.41"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.38.2"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.5"
},
{
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.4"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.31.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.24.4"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.10"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.0.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.49"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.35"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.7"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.4"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel 2.6.36-rc4",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.24.3"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.3"
},
{
"model": "kernel 2.6.28-rc6",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.21.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.3113"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17.8"
},
{
"model": "kernel 2.6.35-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.21.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20-2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.34"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.30"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.26.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.29.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.31"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.1"
},
{
"model": "kernel 2.6.36-rc5",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.38.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.13"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.6"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.31"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.3.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.2"
},
{
"model": "kernel rc7",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.29"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.3.4"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18.8"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.24"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.13.5"
},
{
"model": "kernel rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.38.6"
},
{
"model": "opensuse factory",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.17"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.0.18"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.0.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.23.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.39"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.214"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.44"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.32"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.19.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.11"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.27"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.6"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.10"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.24.1"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.9"
},
{
"model": "kernel rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.21.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.21"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.22"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.14.7"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.13"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.35.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.33.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.26.6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.12"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.15.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.16"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.9"
},
{
"model": "kernel 2.6.36-rc1",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.31.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.7"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.11.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.9"
},
{
"model": "kernel 2.6.35-rc4",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.2.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.33"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.23"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.26"
},
{
"model": "kernel rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.54"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.0.5"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.25.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.5"
},
{
"model": "kernel rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.19"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.13"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.17"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.32.12"
},
{
"model": "kernel rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.2"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "kernel 2.6.35-rc6",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.51"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.51"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.33"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.22.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.23.09"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.27.49"
},
{
"model": "kernel -rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.23"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.31.11"
},
{
"model": "kernel 2.6.28-rc4",
"scope": null,
"trust": 0.3,
"vendor": "linux",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.315"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.20.9"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30.4"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.37.2"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.21.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.15"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.24"
},
{
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.20"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "3.1.8"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.28.3"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.35.5"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.26.4"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.16.46"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.23.14"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.23.1"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.18-53"
},
{
"model": "kernel rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17"
},
{
"model": "kernel rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.17"
},
{
"model": "kernel -rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "2.6.30"
}
],
"sources": [
{
"db": "BID",
"id": "65943"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:linux:linux_kernel",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "126343"
},
{
"db": "PACKETSTORM",
"id": "126800"
},
{
"db": "PACKETSTORM",
"id": "126795"
},
{
"db": "PACKETSTORM",
"id": "126793"
},
{
"db": "PACKETSTORM",
"id": "126798"
},
{
"db": "PACKETSTORM",
"id": "126796"
}
],
"trust": 0.6
},
"cve": "CVE-2014-0101",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0101",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0101",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-67594",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0101",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0101",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-197",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-67594",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0101",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67594"
},
{
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. The Linux kernel is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected computer, denying service to legitimate users. The NFSv4 implementation is one of the distributed file system protocols. The vulnerability stems from the fact that the program does not verify the auth_enable and auth_capable fields before calling sctp_sf_authenticate. 6.2) - x86_64\n\n3. (CVE-2014-0101, Important)\n\n* A race condition flaw, leading to heap-based buffer overflows, was found\nin the way the Linux kernel\u0027s N_TTY line discipline (LDISC) implementation\nhandled concurrent processing of echo output and TTY write operations\noriginating from user space when the underlying TTY driver was PTY. \n\nThis update also fixes the following bug:\n\n* Prior to this update, a guest-provided value was used as the head length\nof the socket buffer allocated on the host. If the host was under heavy\nmemory load and the guest-provided value was too large, the allocation\ncould have failed, resulting in stalls and packet drops in the guest\u0027s Tx\npath. With this update, the guest-provided value has been limited to a\nreasonable size so that socket buffer allocations on the host succeed\nregardless of the memory load on the host, and guests can send packets\nwithout experiencing packet drops or stalls. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Compute Node EUS (v. 6.3) - noarch, x86_64\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.3) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64\n\n3. \n\n* A flaw was found in the way the Linux kernel processed an authenticated\nCOOKIE_ECHO chunk during the initialization of an SCTP connection. \n\nThis update also fixes the following bug:\n\n* Due to an incorrect call of the weak-modules script in the kernel spec\nfile, the weak-modules directory was removed from the system when removing\nor upgrading certain kernel packages related to weak-modules, such as\nkernel-debug. With this update, the weak-modules call in the kernel spec\nfile has been corrected, and the script now preserves the weak-modules\ndirectory on the system in this scenario. (BZ#1076599)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not use\n\"rpm -Uvh\" as that will remove the running kernel binaries from your\nsystem. You may use \"rpm -e\" to remove old kernels after determining that\nthe new kernel functions properly on your system. \n\n5. Package List:\n\nRed Hat Enterprise Linux Compute Node EUS (v. 6.3):\n\nSource:\nkernel-2.6.32-279.43.1.el6.src.rpm\n\nnoarch:\nkernel-doc-2.6.32-279.43.1.el6.noarch.rpm\nkernel-firmware-2.6.32-279.43.1.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debug-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-devel-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-headers-2.6.32-279.43.1.el6.x86_64.rpm\nperf-2.6.32-279.43.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.3):\n\nSource:\nkernel-2.6.32-279.43.1.el6.src.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\npython-perf-2.6.32-279.43.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.3):\n\nSource:\nkernel-2.6.32-279.43.1.el6.src.rpm\n\ni386:\nkernel-2.6.32-279.43.1.el6.i686.rpm\nkernel-debug-2.6.32-279.43.1.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.i686.rpm\nkernel-debug-devel-2.6.32-279.43.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-279.43.1.el6.i686.rpm\nkernel-devel-2.6.32-279.43.1.el6.i686.rpm\nkernel-headers-2.6.32-279.43.1.el6.i686.rpm\nperf-2.6.32-279.43.1.el6.i686.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.i686.rpm\n\nnoarch:\nkernel-doc-2.6.32-279.43.1.el6.noarch.rpm\nkernel-firmware-2.6.32-279.43.1.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debug-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-devel-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-headers-2.6.32-279.43.1.el6.ppc64.rpm\nperf-2.6.32-279.43.1.el6.ppc64.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debug-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debug-devel-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-279.43.1.el6.s390x.rpm\nkernel-devel-2.6.32-279.43.1.el6.s390x.rpm\nkernel-headers-2.6.32-279.43.1.el6.s390x.rpm\nkernel-kdump-2.6.32-279.43.1.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-279.43.1.el6.s390x.rpm\nperf-2.6.32-279.43.1.el6.s390x.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debug-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-devel-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-headers-2.6.32-279.43.1.el6.x86_64.rpm\nperf-2.6.32-279.43.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.3):\n\nSource:\nkernel-2.6.32-279.43.1.el6.src.rpm\n\ni386:\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.i686.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-279.43.1.el6.i686.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.i686.rpm\npython-perf-2.6.32-279.43.1.el6.i686.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-279.43.1.el6.ppc64.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\npython-perf-2.6.32-279.43.1.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-279.43.1.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\npython-perf-2.6.32-279.43.1.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-279.43.1.el6.x86_64.rpm\nperf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\npython-perf-2.6.32-279.43.1.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-279.43.1.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0101.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. (CVE-2014-2672)\n\nAdhemerval Zanella Neto discovered a flaw the in the Transactional Memory\n(TM) implementation for powerpc based machine. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ----------------------------------------------------------------------\nDebian Security Advisory DSA-2906-1 security@debian.org\nhttp://www.debian.org/security/ Dann Frazier\nApril 24, 2014 http://www.debian.org/security/faq\n- ----------------------------------------------------------------------\n\nPackage : linux-2.6\nVulnerability : privilege escalation/denial of service/information leak\nProblem type : local/remote\nDebian-specific: no\nCVE Id(s) : CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893\n CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4512\n CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6381\n CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7264\n CVE-2013-7265 CVE-2013-7339 CVE-2014-0101 CVE-2014-1444\n CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2039\n CVE-2014-2523 CVE-2103-2929\n\nSeveral vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2013-0343\n\n George Kargiotakis reported an issue in the temporary address handling\n of the IPv6 privacy extensions. Users on the same LAN can cause a denial\n of service or obtain access to sensitive information by sending router\n advertisement messages that cause temporary address generation to be\n disabled. \n\nCVE-2013-2147\n\n Dan Carpenter reported issues in the cpqarray driver for Compaq\n Smart2 Controllers and the cciss driver for HP Smart Array controllers\n allowing users to gain access to sensitive kernel memory. \n\nCVE-2013-2889\n\n Kees Cook discovered missing input sanitization in the HID driver for\n Zeroplus game pads that could lead to a local denial of service. \n\nCVE-2013-2893\n\n Kees Cook discovered that missing input sanitization in the HID driver\n for various Logitech force feedback devices could lead to a local denial\n of service. \n\nCVE-2013-2929\n\n Vasily Kulikov discovered that a flaw in the get_dumpable() function of\n the ptrace subsytsem could lead to information disclosure. Only systems\n with the fs.suid_dumpable sysctl set to a non-default value of \u00272\u0027 are\n vulnerable. \n\nCVE-2013-4162\n\n Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets\n using the UDP_CORK option could result in denial of service. \n\nCVE-2013-4299\n\n Fujitsu reported an issue in the device-mapper subsystem. Local users\n could gain access to sensitive kernel memory. \n\nCVE-2013-4345\n\n Stephan Mueller found in bug in the ANSI pseudo random number generator\n which could lead to the use of less entropy than expected. \n\nCVE-2013-4512\n\n Nico Golde and Fabian Yamaguchi reported an issue in the user mode\n linux port. A buffer overflow condition exists in the write method\n for the /proc/exitcode file. Local users with sufficient privileges\n allowing them to write to this file could gain further elevated\n privileges. \n\nCVE-2013-4587\n\n Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A local user could gain elevated privileges by passing\n a large vcpu_id parameter. \n\nCVE-2013-6367\n\n Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A divide-by-zero condition could allow a guest user to\n cause a denial of service on the host (crash). \n\nCVE-2013-6380\n\n Mahesh Rajashekhara reported an issue in the aacraid driver for storage\n products from various vendors. Local users with CAP_SYS_ADMIN privileges\n could gain further elevated privileges. \n\nCVE-2013-6381\n\n Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet\n device support for s390 systems. Local users could cause a denial of\n service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL\n ioctl. \n\nCVE-2013-6382\n\n Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem. \n Local users with CAP_SYS_ADMIN privileges could gain further elevated\n privileges. \n\nCVE-2013-6383\n\n Dan Carpenter reported an issue in the aacraid driver for storage devices\n from various vendors. A local user could gain elevated privileges due to\n a missing privilege level check in the aac_compat_ioctl function. \n\nCVE-2013-7263 CVE-2013-7264 CVE-2013-7265\n\n mpb reported an information leak in the recvfrom, recvmmsg and recvmsg\n system calls. A local user could obtain access to sensitive kernel memory. \n\nCVE-2013-7339\n\n Sasha Levin reported an issue in the RDS network protocol over Infiniband. \n A local user could cause a denial of service condition. \n\nCVE-2014-0101\n\n Nokia Siemens Networks reported an issue in the SCTP network protocol\n subsystem. Remote users could cause a denial of service (NULL pointer\n dereference). \n\nCVE-2014-1444\n\n Salva Peiro reported an issue in the FarSync WAN driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory. \n\nCVE-2014-1445\n\n Salva Peiro reported an issue in the wanXL serial card driver. Local\n users could gain access to sensitive kernel memory. \n\nCVE-2014-1446\n\n Salva Peiro reported an issue in the YAM radio modem driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory. \n\nCVE-2014-1874\n\n Matthew Thode reported an issue in the SELinux subsystem. A local user\n with CAP_MAC_ADMIN privileges could cause a denial of service by setting\n an empty security context on a file. \n \nCVE-2014-2039\n\n Martin Schwidefsky reported an issue on s390 systems. A local user\n could cause a denial of service (kernel oops) by executing an application\n with a linkage stack instruction. \n\nCVE-2014-2523\n\n Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp\n module. \n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze5. \n\nThe following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:\n\n Debian 6.0 (squeeze)\n user-mode-linux 2.6.32-1um-4+48squeeze5\n\nWe recommend that you upgrade your linux-2.6 and user-mode-linux packages. \n\nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support. \nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJTWaeAAAoJEBv4PF5U/IZAzFkP/2+YLfDXhZaBIoR1gugvac+F\nq3/PgKXURH35N2vOU3pTkmYgwZh6gOHCzLJ3/ae2qL2GDTw5ZLu2EYv+xiJLOk8a\n9k5dki6j2k38EI7ktTn7BMVfOgoZTmlfYYVjdGmRU+2YEXu1ATr4zt0wN4azvThU\n25sgo21rYcaMPvOwng922/RAFQPtDZmAODTXxfpkL6c/zzeMLOILqlAYRe9uMfu5\n4X8G1/wglfSzx6b4yWZPvltWCgW+yi3OklrAalSsn8PnDf7yS8wWmxXsZ0pOEHHV\n7bbUCMDYtUkqqTq9/Ak/ohGo3mJkPJnzSeg8ShemSEY40NTlIbSmfUTYepTovhCF\nA7A8TmYUhsAavD+DUxbQvYJjRKufzsymCg3yA0qp9JTKVRr5/IVkqpSeAx2Hpo7C\nJqkf0Or4t9BYc5juJasgicb4ttyYlleGnlJ8+ojelxXLROkH8EnIv3CDP87WGnOt\nDora/G+Al0AmRuk6TQuZofMtXK9dcBanN2+jr7HipE6dnH7vMo7xn979NdEaTkHs\nYskm+FJJXFoTGS49/V2YlIhDU2zuCnXodGYsZl+RSI54XPMkKrrfKZ6zRIJ5r3vJ\nIFiqcMUlNJtEU4viwMjBkXlMvQZoN0e44ufK+/+VfQYPrj3puYoYLq1FOeF0JFaE\n8D7zI3prwl5DKG9kWEaq\n=T6VL\n-----END PGP SIGNATURE-----\n. \n\nSoftware Description:\n- linux-lts-quantal: Linux hardware enablement kernel from Quantal\n\nDetails:\n\nMatthew Daley reported an information leak in the floppy disk driver of the\nLinux kernel. (CVE-2014-1738)\n\nMatthew Daley reported a flaw in the handling of ioctl commands by the\nfloppy disk driver in the Linux kernel. (CVE-2014-1737)\n\nA flaw was discovered in the Linux kernel\u0027s IPC reference counting. (CVE-2014-0055)\n\nA flaw was discovered in the handling of network packets when mergeable\nbuffers are disabled for virtual machines in the Linux kernel. (CVE-2014-0077)\n\nA flaw was discovered in the Linux kernel\u0027s handling of the SCTP handshake. (CVE-2014-2309)\n\nAn error was discovered in the Linux kernel\u0027s DCCP protocol support. (CVE-2014-2523)\n\nMax Sydorenko discovered a race condition in the Atheros 9k wireless driver\nin the Linux kernel. (CVE-2014-2672)\n\nAn error was discovered in the Reliable Datagram Sockets (RDS) protocol\nstack in the Linux kernel. \n(CVE-2014-2678)\n\nYaara Rozenblum discovered a race condition in the Linux kernel\u0027s Generic\nIEEE 802.11 Networking Stack (mac80211). (CVE-2014-2706)\n\nA flaw was discovered in the Linux kernel\u0027s ping sockets. (CVE-2014-3122)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n linux-image-3.5.0-51-generic 3.5.0-51.76~precise1\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. Unless you\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\nlinux-server, linux-powerpc), a standard system upgrade will automatically\nperform this as well",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "BID",
"id": "65943"
},
{
"db": "VULHUB",
"id": "VHN-67594"
},
{
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"db": "PACKETSTORM",
"id": "126343"
},
{
"db": "PACKETSTORM",
"id": "126800"
},
{
"db": "PACKETSTORM",
"id": "126795"
},
{
"db": "PACKETSTORM",
"id": "126793"
},
{
"db": "PACKETSTORM",
"id": "126729"
},
{
"db": "PACKETSTORM",
"id": "126255"
},
{
"db": "PACKETSTORM",
"id": "126798"
},
{
"db": "PACKETSTORM",
"id": "126321"
},
{
"db": "PACKETSTORM",
"id": "126796"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-67594",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67594"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0101",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/03/04/6",
"trust": 2.6
},
{
"db": "BID",
"id": "65943",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "59216",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "126255",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126343",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126729",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126295",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126346",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67594",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0101",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126800",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126795",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126793",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126321",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126796",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67594"
},
{
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"db": "BID",
"id": "65943"
},
{
"db": "PACKETSTORM",
"id": "126343"
},
{
"db": "PACKETSTORM",
"id": "126800"
},
{
"db": "PACKETSTORM",
"id": "126795"
},
{
"db": "PACKETSTORM",
"id": "126793"
},
{
"db": "PACKETSTORM",
"id": "126729"
},
{
"db": "PACKETSTORM",
"id": "126255"
},
{
"db": "PACKETSTORM",
"id": "126798"
},
{
"db": "PACKETSTORM",
"id": "126321"
},
{
"db": "PACKETSTORM",
"id": "126796"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"id": "VAR-201403-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67594"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T23:04:09.185000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable",
"trust": 0.8,
"url": "https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729"
},
{
"title": "Linux Kernel Archives",
"trust": 0.8,
"url": "http://www.kernel.org"
},
{
"title": "net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable",
"trust": 0.8,
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729"
},
{
"title": "Bug 1070705",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070705"
},
{
"title": "RHSA-2014:0328",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
},
{
"title": "fba54a407bb2b7c2aae62ac2d03df806bc1a794a",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48590"
},
{
"title": "11dac21e658690cdf01d7eb41c7e653d142ad9d4",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=48589"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2173-1"
},
{
"title": "Ubuntu Security Notice: linux-ec2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2174-1"
},
{
"title": "Amazon Linux AMI: ALAS-2014-317",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-317"
},
{
"title": "Red Hat: CVE-2014-0101",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0101"
},
{
"title": "Ubuntu Security Notice: linux-lts-quantal vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2223-1"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2228-1"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2221-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-raring vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2224-1"
},
{
"title": "Ubuntu Security Notice: linux-ti-omap4 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2227-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-saucy vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2225-1"
},
{
"title": "DRA_writeup",
"trust": 0.1,
"url": "https://github.com/KPN-CISO/DRA_writeup "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67594"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2014/03/04/6"
},
{
"trust": 2.1,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html"
},
{
"trust": 2.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070705"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0419.html"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2173-1"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/59216"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/65943"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0328.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0432.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2174-1"
},
{
"trust": 1.8,
"url": "https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729"
},
{
"trust": 1.7,
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3ba=commit%3bh=ec0223ec48a90cb605244b45f7c62de856403729"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0101"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0101"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0101"
},
{
"trust": 0.7,
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2523"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2014:0419"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2014-0101"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2014:0432"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2014:0520"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2014:0328"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2706"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2851"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1738"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2309"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2678"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2672"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1737"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0077"
},
{
"trust": 0.3,
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f9"
},
{
"trust": 0.3,
"url": "http://www.kernel.org/"
},
{
"trust": 0.3,
"url": "http://patchwork.ozlabs.org/patch/325898/"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100180030"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4483"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0055"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0069"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3122"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0101.html"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2014-317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2173-1/"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/linuxrpm-rhsa-2014-0432"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/2.6.32-58.120"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1446.65"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2227-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-raring/3.8.0-41.60~precise1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2224-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.2.0-63.95"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2221-1"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0196.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0520.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-saucy/3.11.0-22.38~precise1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2673"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2225-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0100"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6367"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2103-2929"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6380"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2147"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4162"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7339"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-quantal/3.5.0-51.76~precise1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2223-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67594"
},
{
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"db": "BID",
"id": "65943"
},
{
"db": "PACKETSTORM",
"id": "126343"
},
{
"db": "PACKETSTORM",
"id": "126800"
},
{
"db": "PACKETSTORM",
"id": "126795"
},
{
"db": "PACKETSTORM",
"id": "126793"
},
{
"db": "PACKETSTORM",
"id": "126729"
},
{
"db": "PACKETSTORM",
"id": "126255"
},
{
"db": "PACKETSTORM",
"id": "126798"
},
{
"db": "PACKETSTORM",
"id": "126321"
},
{
"db": "PACKETSTORM",
"id": "126796"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67594"
},
{
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"db": "BID",
"id": "65943"
},
{
"db": "PACKETSTORM",
"id": "126343"
},
{
"db": "PACKETSTORM",
"id": "126800"
},
{
"db": "PACKETSTORM",
"id": "126795"
},
{
"db": "PACKETSTORM",
"id": "126793"
},
{
"db": "PACKETSTORM",
"id": "126729"
},
{
"db": "PACKETSTORM",
"id": "126255"
},
{
"db": "PACKETSTORM",
"id": "126798"
},
{
"db": "PACKETSTORM",
"id": "126321"
},
{
"db": "PACKETSTORM",
"id": "126796"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-67594"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"date": "2014-02-27T00:00:00",
"db": "BID",
"id": "65943"
},
{
"date": "2014-04-26T18:57:25",
"db": "PACKETSTORM",
"id": "126343"
},
{
"date": "2014-05-27T16:02:18",
"db": "PACKETSTORM",
"id": "126800"
},
{
"date": "2014-05-27T16:00:50",
"db": "PACKETSTORM",
"id": "126795"
},
{
"date": "2014-05-27T16:00:19",
"db": "PACKETSTORM",
"id": "126793"
},
{
"date": "2014-05-21T03:19:22",
"db": "PACKETSTORM",
"id": "126729"
},
{
"date": "2014-04-22T23:41:05",
"db": "PACKETSTORM",
"id": "126255"
},
{
"date": "2014-05-27T16:02:06",
"db": "PACKETSTORM",
"id": "126798"
},
{
"date": "2014-04-25T17:49:50",
"db": "PACKETSTORM",
"id": "126321"
},
{
"date": "2014-05-27T16:01:52",
"db": "PACKETSTORM",
"id": "126796"
},
{
"date": "2014-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"date": "2014-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"date": "2014-03-11T13:01:06.733000",
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-67594"
},
{
"date": "2020-08-25T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0101"
},
{
"date": "2015-04-13T20:26:00",
"db": "BID",
"id": "65943"
},
{
"date": "2023-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-197"
},
{
"date": "2014-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001608"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0101"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126343"
},
{
"db": "PACKETSTORM",
"id": "126255"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Kernel of net/sctp/sm_statefuns.c Inside sctp_sf_do_5_1D_ce Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-197"
}
],
"trust": 0.6
}
}
CVE-2024-22038 (GCVE-0-2024-22038)
Vulnerability from nvd – Published: 2024-11-28 09:38 – Updated: 2024-11-28 12:15
VLAI?
Title
DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge
Summary
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
0 , < 0.5.2
(semver)
|
Credits
Matthias Gerstner of SUSE
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-28T12:09:30.908633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T12:15:16.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "obs-scm-bridge",
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2024-11-14T10:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.\u003cbr\u003e"
}
],
"value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T09:38:03.449Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-22038",
"datePublished": "2024-11-28T09:38:03.449Z",
"dateReserved": "2024-01-04T12:38:34.026Z",
"dateUpdated": "2024-11-28T12:15:16.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45155 (GCVE-0-2022-45155)
Vulnerability from nvd – Published: 2023-03-15 00:00 – Updated: 2025-02-27 15:00
VLAI?
Title
obs-service-go_modules: arbitrary directory delete
Summary
An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.
Severity ?
5.5 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
unspecified , < 0.6.1
(custom)
|
Credits
Thomas Leroy of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201138"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45155",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T15:00:31.265165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T15:00:44.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thomas Leroy of SUSE"
}
],
"datePublic": "2023-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201138"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1201138",
"defect": [
"1201138"
],
"discovery": "INTERNAL"
},
"title": "obs-service-go_modules: arbitrary directory delete",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-45155",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2022-11-11T00:00:00.000Z",
"dateUpdated": "2025-02-27T15:00:44.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31256 (GCVE-0-2022-31256)
Vulnerability from nvd – Published: 2022-10-26 08:55 – Updated: 2025-05-09 19:11
VLAI?
Title
sendmail: mail to root privilege escalation via sm-client.pre script
Summary
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
Severity ?
7.7 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
sendmail , < 8.17.1-1.1
(custom)
|
Credits
Matthias Gerstner and Filippo Bonazzi from SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1204696"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:11:41.776330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:11:55.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.17.1-1.1",
"status": "affected",
"version": "sendmail",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner and Filippo Bonazzi from SUSE"
}
],
"datePublic": "2022-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1204696"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1204696",
"defect": [
"1204696"
],
"discovery": "INTERNAL"
},
"title": "sendmail: mail to root privilege escalation via sm-client.pre script",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-31256",
"datePublished": "2022-10-26T08:55:09.458Z",
"dateReserved": "2022-05-20T00:00:00.000Z",
"dateUpdated": "2025-05-09T19:11:55.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31251 (GCVE-0-2022-31251)
Vulnerability from nvd – Published: 2022-09-07 08:55 – Updated: 2024-09-17 01:10
VLAI?
Title
slurm: %post for slurm-testsuite operates as root in user owned directory
Summary
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
Severity ?
6.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
slurm , < 22.05.2-3.3
(custom)
|
Credits
Johannes Segitz from SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "22.05.2-3.3",
"status": "affected",
"version": "slurm",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz from SUSE"
}
],
"datePublic": "2022-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201674"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1201674",
"defect": [
"1201674"
],
"discovery": "INTERNAL"
},
"title": "slurm: %post for slurm-testsuite operates as root in user owned directory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-31251",
"datePublished": "2022-09-07T08:55:09.171815Z",
"dateReserved": "2022-05-20T00:00:00",
"dateUpdated": "2024-09-17T01:10:54.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46705 (GCVE-0-2021-46705)
Vulnerability from nvd – Published: 2022-03-16 09:50 – Updated: 2024-09-16 19:46
VLAI?
Title
grub2-once uses fixed file name in /var/tmp
Summary
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
Severity ?
5.1 (Medium)
CWE
- CWE-377 - Insecure Temporary File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 SP4 |
Affected:
grub2 , < 2.06-150400.7.1
(custom)
|
|||||||
|
|||||||||
Credits
Ludwig Nussel of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15 SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.06-150400.7.1",
"status": "affected",
"version": "grub2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.06-18.1",
"status": "affected",
"version": "grub2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ludwig Nussel of SUSE"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377: Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:50:10",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1190474",
"defect": [
"1190474"
],
"discovery": "INTERNAL"
},
"title": "grub2-once uses fixed file name in /var/tmp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2022-02-23T00:00:00.000Z",
"ID": "CVE-2021-46705",
"STATE": "PUBLIC",
"TITLE": "grub2-once uses fixed file name in /var/tmp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15 SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "grub2",
"version_value": "2.06-150400.7.1"
}
]
}
},
{
"product_name": "openSUSE Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "grub2",
"version_value": "2.06-18.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ludwig Nussel of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377: Insecure Temporary File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1190474",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1190474",
"defect": [
"1190474"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-46705",
"datePublished": "2022-03-16T09:50:10.172983Z",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-09-16T19:46:27.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22038 (GCVE-0-2024-22038)
Vulnerability from cvelistv5 – Published: 2024-11-28 09:38 – Updated: 2024-11-28 12:15
VLAI?
Title
DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge
Summary
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
0 , < 0.5.2
(semver)
|
Credits
Matthias Gerstner of SUSE
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-28T12:09:30.908633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T12:15:16.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "obs-scm-bridge",
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2024-11-14T10:32:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.\u003cbr\u003e"
}
],
"value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T09:38:03.449Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-22038",
"datePublished": "2024-11-28T09:38:03.449Z",
"dateReserved": "2024-01-04T12:38:34.026Z",
"dateUpdated": "2024-11-28T12:15:16.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45155 (GCVE-0-2022-45155)
Vulnerability from cvelistv5 – Published: 2023-03-15 00:00 – Updated: 2025-02-27 15:00
VLAI?
Title
obs-service-go_modules: arbitrary directory delete
Summary
An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.
Severity ?
5.5 (Medium)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
unspecified , < 0.6.1
(custom)
|
Credits
Thomas Leroy of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201138"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45155",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T15:00:31.265165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T15:00:44.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thomas Leroy of SUSE"
}
],
"datePublic": "2023-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201138"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1201138",
"defect": [
"1201138"
],
"discovery": "INTERNAL"
},
"title": "obs-service-go_modules: arbitrary directory delete",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-45155",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2022-11-11T00:00:00.000Z",
"dateUpdated": "2025-02-27T15:00:44.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31256 (GCVE-0-2022-31256)
Vulnerability from cvelistv5 – Published: 2022-10-26 08:55 – Updated: 2025-05-09 19:11
VLAI?
Title
sendmail: mail to root privilege escalation via sm-client.pre script
Summary
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
Severity ?
7.7 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
sendmail , < 8.17.1-1.1
(custom)
|
Credits
Matthias Gerstner and Filippo Bonazzi from SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1204696"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:11:41.776330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:11:55.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.17.1-1.1",
"status": "affected",
"version": "sendmail",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner and Filippo Bonazzi from SUSE"
}
],
"datePublic": "2022-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1204696"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1204696",
"defect": [
"1204696"
],
"discovery": "INTERNAL"
},
"title": "sendmail: mail to root privilege escalation via sm-client.pre script",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-31256",
"datePublished": "2022-10-26T08:55:09.458Z",
"dateReserved": "2022-05-20T00:00:00.000Z",
"dateUpdated": "2025-05-09T19:11:55.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31251 (GCVE-0-2022-31251)
Vulnerability from cvelistv5 – Published: 2022-09-07 08:55 – Updated: 2024-09-17 01:10
VLAI?
Title
slurm: %post for slurm-testsuite operates as root in user owned directory
Summary
A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.
Severity ?
6.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | openSUSE Factory |
Affected:
slurm , < 22.05.2-3.3
(custom)
|
Credits
Johannes Segitz from SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "22.05.2-3.3",
"status": "affected",
"version": "slurm",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz from SUSE"
}
],
"datePublic": "2022-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1201674"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1201674",
"defect": [
"1201674"
],
"discovery": "INTERNAL"
},
"title": "slurm: %post for slurm-testsuite operates as root in user owned directory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-31251",
"datePublished": "2022-09-07T08:55:09.171815Z",
"dateReserved": "2022-05-20T00:00:00",
"dateUpdated": "2024-09-17T01:10:54.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46705 (GCVE-0-2021-46705)
Vulnerability from cvelistv5 – Published: 2022-03-16 09:50 – Updated: 2024-09-16 19:46
VLAI?
Title
grub2-once uses fixed file name in /var/tmp
Summary
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
Severity ?
5.1 (Medium)
CWE
- CWE-377 - Insecure Temporary File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 SP4 |
Affected:
grub2 , < 2.06-150400.7.1
(custom)
|
|||||||
|
|||||||||
Credits
Ludwig Nussel of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15 SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.06-150400.7.1",
"status": "affected",
"version": "grub2",
"versionType": "custom"
}
]
},
{
"product": "openSUSE Factory",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.06-18.1",
"status": "affected",
"version": "grub2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ludwig Nussel of SUSE"
}
],
"datePublic": "2022-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377: Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T09:50:10",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1190474",
"defect": [
"1190474"
],
"discovery": "INTERNAL"
},
"title": "grub2-once uses fixed file name in /var/tmp",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2022-02-23T00:00:00.000Z",
"ID": "CVE-2021-46705",
"STATE": "PUBLIC",
"TITLE": "grub2-once uses fixed file name in /var/tmp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15 SP4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "grub2",
"version_value": "2.06-150400.7.1"
}
]
}
},
{
"product_name": "openSUSE Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "grub2",
"version_value": "2.06-18.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ludwig Nussel of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-377: Insecure Temporary File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1190474",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1190474"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1190474",
"defect": [
"1190474"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-46705",
"datePublished": "2022-03-16T09:50:10.172983Z",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-09-16T19:46:27.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}