Search

Find a vulnerability

Search criteria

    36 vulnerabilities found for suse_linux by novell

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from nvd – Published: 2026-04-22 08:15 – Updated: 2026-06-30 12:07
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:50.470Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-06-30T12:07:50.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12084 (GCVE-0-2024-12084)

    Vulnerability from nvd – Published: 2025-01-15 14:16 – Updated: 2026-06-29 20:31
    VLAI
    Title
    Rsync: heap buffer overflow in rsync due to improper checksum length handling
    Summary
    A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 3.2.7
    Affected: 3.3.0
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-01-14 15:06
    Credits
    Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12084",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T04:55:13.179697Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:06.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:52:08.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/01/14/6"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/952657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/RsyncProject/rsync",
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.7"
                },
                {
                  "status": "affected",
                  "version": "3.3.0"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.1-2.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-14T15:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Critical"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:31:56.456Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:6470",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:6470"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12084"
            },
            {
              "name": "RHBZ#2330527",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527"
            },
            {
              "url": "https://kb.cert.org/vuls/id/952657"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-12-05T09:32:44.653Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-14T15:06:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rsync: heap buffer overflow in rsync due to improper checksum length handling",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat recommends filtering untrusted connections to Rsync via firewall rules on the host and on network firewall appliances.\n\nAdditionally, systems which only need to provide remote Rsync access to users with known identities can enable authentication using the ```auth users``` parameter in their rsyncd configuration file (rsyncd.conf). \n\nSystems that provide anonymous read access to hosted files via Rsync, such as mirror hosts, do not have reasonable mitigation options available. We strongly urge operators using vulnerable versions of Rsync to update as soon as possible."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12084",
        "datePublished": "2025-01-15T14:16:35.363Z",
        "dateReserved": "2024-12-03T08:57:42.580Z",
        "dateUpdated": "2026-06-29T20:31:56.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12088 (GCVE-0-2024-12088)

    Vulnerability from nvd – Published: 2025-01-14 17:38 – Updated: 2026-06-29 23:43
    VLAI
    Title
    Rsync: --safe-links option bypass leads to path traversal
    Summary
    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.3.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.1.3-21.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-3.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Discovery 1.14 Unaffected: 1.14.2-1748467619 , < * (rpm)
        cpe:/a:redhat:discovery:1.14::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-01-14 15:06
    Credits
    Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T14:13:08.347346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T14:13:22.355Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:52:20.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/952657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/RsyncProject/rsync",
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.1-2.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-21.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.5-3.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.5-3.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Red Hat Discovery 1.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.14.2-1748467619",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-14T15:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T23:43:47.457Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:6470",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:6470"
            },
            {
              "name": "RHSA-2025:2600",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2600"
            },
            {
              "name": "RHSA-2025:7050",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7050"
            },
            {
              "name": "RHSA-2025:8385",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8385"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12088"
            },
            {
              "name": "RHBZ#2330676",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
            },
            {
              "url": "https://kb.cert.org/vuls/id/952657"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-12-05T21:55:22.700Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-14T15:06:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rsync: --safe-links option bypass leads to path traversal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12088",
        "datePublished": "2025-01-14T17:38:34.890Z",
        "dateReserved": "2024-12-03T08:58:08.307Z",
        "dateUpdated": "2026-06-29T23:43:47.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-2567 (GCVE-0-2015-2567)

    Vulnerability from nvd – Published: 2015-04-16 16:00 – Updated: 2024-08-06 05:17
    VLAI
    Summary
    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201507-19 vendor-advisoryx_refsource_GENTOO
    http://www.securitytracker.com/id/1032121 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:17:27.332Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201507-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-19"
              },
              {
                "name": "1032121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032121"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
              },
              {
                "name": "SUSE-SU-2015:0946",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T16:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "GLSA-201507-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-19"
            },
            {
              "name": "1032121",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032121"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2015-2567",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201507-19",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-19"
                },
                {
                  "name": "1032121",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032121"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
                },
                {
                  "name": "SUSE-SU-2015:0946",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2015-2567",
        "datePublished": "2015-04-16T16:00:00.000Z",
        "dateReserved": "2015-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:17:27.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2566 (GCVE-0-2015-2566)

    Vulnerability from nvd – Published: 2015-04-16 16:00 – Updated: 2024-08-06 05:17
    VLAI
    Summary
    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201507-19 vendor-advisoryx_refsource_GENTOO
    http://www.securitytracker.com/id/1032121 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:17:27.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201507-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-19"
              },
              {
                "name": "1032121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032121"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
              },
              {
                "name": "SUSE-SU-2015:0946",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T16:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "GLSA-201507-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-19"
            },
            {
              "name": "1032121",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032121"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2015-2566",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201507-19",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-19"
                },
                {
                  "name": "1032121",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032121"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
                },
                {
                  "name": "SUSE-SU-2015:0946",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2015-2566",
        "datePublished": "2015-04-16T16:00:00.000Z",
        "dateReserved": "2015-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:17:27.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4854 (GCVE-0-2013-4854)

    Vulnerability from nvd – Published: 2013-07-26 23:00 – Updated: 2024-08-06 16:59
    VLAI KEVIntel
    Summary
    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://h20564.www2.hp.com/portal/site/hpsc/publi… vendor-advisoryx_refsource_HP
    https://kb.isc.org/article/AA-01015 x_refsource_CONFIRM
    http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/54134 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://linux.oracle.com/errata/ELSA-2014-1244 x_refsource_CONFIRM
    http://secunia.com/advisories/54185 third-party-advisoryx_refsource_SECUNIA
    http://www.freebsd.org/security/advisories/FreeBS… vendor-advisoryx_refsource_FREEBSD
    https://kb.isc.org/article/AA-01016 x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_MISC
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/54207 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/kb/HT6536 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.zerodayinitiative.com/advisories/ZDI-13-210/ x_refsource_MISC
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://rhn.redhat.com/errata/RHSA-2013-1114.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/61479 vdb-entryx_refsource_BID
    http://secunia.com/advisories/54323 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/54211 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-1910-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2013/dsa-2728 vendor-advisoryx_refsource_DEBIAN
    http://www.securitytracker.com/id/1028838 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2013-1115.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/54432 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2013-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:59:39.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2013-13863",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
              },
              {
                "name": "HPSBUX02926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.isc.org/article/AA-01015"
              },
              {
                "name": "APPLE-SA-2014-10-16-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
              },
              {
                "name": "54134",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54134"
              },
              {
                "name": "MDVSA-2013:202",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-1244"
              },
              {
                "name": "54185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54185"
              },
              {
                "name": "FreeBSD-SA-13:07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.isc.org/article/AA-01016"
              },
              {
                "name": "oval:org.mitre.oval:def:19561",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
              },
              {
                "name": "FEDORA-2013-13831",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
              },
              {
                "name": "54207",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54207"
              },
              {
                "name": "openSUSE-SU-2013:1354",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT6536"
              },
              {
                "name": "isc-bind-cve20134854-dos(86004)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
              },
              {
                "name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
              },
              {
                "name": "RHSA-2013:1114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
              },
              {
                "name": "61479",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/61479"
              },
              {
                "name": "54323",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54323"
              },
              {
                "name": "SUSE-SU-2013:1310",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
              },
              {
                "name": "54211",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54211"
              },
              {
                "name": "USN-1910-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1910-1"
              },
              {
                "name": "DSA-2728",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2728"
              },
              {
                "name": "1028838",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028838"
              },
              {
                "name": "RHSA-2013:1115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
              },
              {
                "name": "SSRT101281",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
              },
              {
                "name": "54432",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2013-13863",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
            },
            {
              "name": "HPSBUX02926",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.isc.org/article/AA-01015"
            },
            {
              "name": "APPLE-SA-2014-10-16-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
            },
            {
              "name": "54134",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54134"
            },
            {
              "name": "MDVSA-2013:202",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-1244"
            },
            {
              "name": "54185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54185"
            },
            {
              "name": "FreeBSD-SA-13:07",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.isc.org/article/AA-01016"
            },
            {
              "name": "oval:org.mitre.oval:def:19561",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
            },
            {
              "name": "FEDORA-2013-13831",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
            },
            {
              "name": "54207",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54207"
            },
            {
              "name": "openSUSE-SU-2013:1354",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT6536"
            },
            {
              "name": "isc-bind-cve20134854-dos(86004)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
            },
            {
              "name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
            },
            {
              "name": "RHSA-2013:1114",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
            },
            {
              "name": "61479",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/61479"
            },
            {
              "name": "54323",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54323"
            },
            {
              "name": "SUSE-SU-2013:1310",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
            },
            {
              "name": "54211",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54211"
            },
            {
              "name": "USN-1910-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1910-1"
            },
            {
              "name": "DSA-2728",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2728"
            },
            {
              "name": "1028838",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028838"
            },
            {
              "name": "RHSA-2013:1115",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
            },
            {
              "name": "SSRT101281",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
            },
            {
              "name": "54432",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4854",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2013-13863",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
                },
                {
                  "name": "HPSBUX02926",
                  "refsource": "HP",
                  "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
                },
                {
                  "name": "https://kb.isc.org/article/AA-01015",
                  "refsource": "CONFIRM",
                  "url": "https://kb.isc.org/article/AA-01015"
                },
                {
                  "name": "APPLE-SA-2014-10-16-3",
                  "refsource": "APPLE",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
                },
                {
                  "name": "54134",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54134"
                },
                {
                  "name": "MDVSA-2013:202",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-1244",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-1244"
                },
                {
                  "name": "54185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54185"
                },
                {
                  "name": "FreeBSD-SA-13:07",
                  "refsource": "FREEBSD",
                  "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
                },
                {
                  "name": "https://kb.isc.org/article/AA-01016",
                  "refsource": "CONFIRM",
                  "url": "https://kb.isc.org/article/AA-01016"
                },
                {
                  "name": "oval:org.mitre.oval:def:19561",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052",
                  "refsource": "MISC",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
                },
                {
                  "name": "FEDORA-2013-13831",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
                },
                {
                  "name": "54207",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54207"
                },
                {
                  "name": "openSUSE-SU-2013:1354",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
                },
                {
                  "name": "https://support.apple.com/kb/HT6536",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT6536"
                },
                {
                  "name": "isc-bind-cve20134854-dos(86004)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
                },
                {
                  "name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
                },
                {
                  "name": "RHSA-2013:1114",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
                },
                {
                  "name": "61479",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/61479"
                },
                {
                  "name": "54323",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54323"
                },
                {
                  "name": "SUSE-SU-2013:1310",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
                },
                {
                  "name": "54211",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54211"
                },
                {
                  "name": "USN-1910-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1910-1"
                },
                {
                  "name": "DSA-2728",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2728"
                },
                {
                  "name": "1028838",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028838"
                },
                {
                  "name": "RHSA-2013:1115",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
                },
                {
                  "name": "SSRT101281",
                  "refsource": "HP",
                  "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
                },
                {
                  "name": "54432",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4854",
        "datePublished": "2013-07-26T23:00:00.000Z",
        "dateReserved": "2013-07-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:59:39.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0988 (GCVE-0-2011-0988)

    Vulnerability from nvd – Published: 2011-04-18 17:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/44039 third-party-advisoryx_refsource_SECUNIA
    https://hermes.opensuse.org/messages/7849430 vendor-advisoryx_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "44039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44039"
              },
              {
                "name": "SUSE-SU-2011:0306",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/7849430"
              },
              {
                "name": "sles-pureftpd-privilege-escalation(66618)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "44039",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44039"
            },
            {
              "name": "SUSE-SU-2011:0306",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/7849430"
            },
            {
              "name": "sles-pureftpd-privilege-escalation(66618)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0988",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "44039",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44039"
                },
                {
                  "name": "SUSE-SU-2011:0306",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/7849430"
                },
                {
                  "name": "sles-pureftpd-privilege-escalation(66618)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0988",
        "datePublished": "2011-04-18T17:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3912 (GCVE-0-2010-3912)

    Vulnerability from nvd – Published: 2011-01-12 23:00 – Updated: 2024-08-07 03:26
    VLAI
    Summary
    The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/42877 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/70405 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2011/0076 vdb-entryx_refsource_VUPEN
    Date Public
    2011-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:26:12.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2011:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
              },
              {
                "name": "suse-linux-supportconfig-unspecified(64690)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
              },
              {
                "name": "42877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42877"
              },
              {
                "name": "70405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70405"
              },
              {
                "name": "ADV-2011-0076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SR:2011:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "suse-linux-supportconfig-unspecified(64690)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
            },
            {
              "name": "42877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "name": "70405",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70405"
            },
            {
              "name": "ADV-2011-0076",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3912",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SR:2011:001",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
                },
                {
                  "name": "suse-linux-supportconfig-unspecified(64690)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
                },
                {
                  "name": "42877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42877"
                },
                {
                  "name": "70405",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70405"
                },
                {
                  "name": "ADV-2011-0076",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3912",
        "datePublished": "2011-01-12T23:00:00.000Z",
        "dateReserved": "2010-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:26:12.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3110 (GCVE-0-2010-3110)

    Vulnerability from nvd – Published: 2010-10-12 19:00 – Updated: 2024-09-16 22:36
    VLAI
    Summary
    Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2010:033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-10-12T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2010:033",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3110",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2010:033",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3110",
        "datePublished": "2010-10-12T19:00:00.000Z",
        "dateReserved": "2010-08-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:36:15.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1507 (GCVE-0-2010-1507)

    Vulnerability from nvd – Published: 2010-09-03 19:00 – Updated: 2024-09-16 17:08
    VLAI
    Summary
    WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
              },
              {
                "name": "42128",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42128"
              },
              {
                "name": "SUSE-SR:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-09-03T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
            },
            {
              "name": "42128",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42128"
            },
            {
              "name": "SUSE-SR:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1507",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=591345",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
                },
                {
                  "name": "http://support.novell.com/security/cve/CVE-2010-1507.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
                },
                {
                  "name": "42128",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/42128"
                },
                {
                  "name": "SUSE-SR:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=598834",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1507",
        "datePublished": "2010-09-03T19:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:08:35.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1297 (GCVE-0-2009-1297)

    Vulnerability from nvd – Published: 2009-10-23 18:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2013:109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
              },
              {
                "name": "SUSE-SR:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-11T01:57:00.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "MDVSA-2013:109",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
            },
            {
              "name": "SUSE-SR:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2009-1297",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2013:109",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
                },
                {
                  "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
                },
                {
                  "name": "SUSE-SR:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2009-1297",
        "datePublished": "2009-10-23T18:00:00.000Z",
        "dateReserved": "2009-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4432 (GCVE-0-2007-4432)

    Vulnerability from nvd – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/46783 vdb-entryx_refsource_OSVDB
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/26543 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/46781 vdb-entryx_refsource_OSVDB
    http://osvdb.org/46784 vdb-entryx_refsource_OSVDB
    http://osvdb.org/46782 vdb-entryx_refsource_OSVDB
    Date Public
    2007-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:55.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46783",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46783"
              },
              {
                "name": "SUSE-SR:2007:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
              },
              {
                "name": "26543",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26543"
              },
              {
                "name": "46781",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46781"
              },
              {
                "name": "46784",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46784"
              },
              {
                "name": "46782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46782"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-09-13T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46783",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46783"
            },
            {
              "name": "SUSE-SR:2007:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
            },
            {
              "name": "26543",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26543"
            },
            {
              "name": "46781",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46781"
            },
            {
              "name": "46784",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46784"
            },
            {
              "name": "46782",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46782"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46783",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46783"
                },
                {
                  "name": "SUSE-SR:2007:017",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
                },
                {
                  "name": "26543",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26543"
                },
                {
                  "name": "46781",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46781"
                },
                {
                  "name": "46784",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46784"
                },
                {
                  "name": "46782",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46782"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4432",
        "datePublished": "2007-08-20T19:00:00.000Z",
        "dateReserved": "2007-08-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:55.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4394 (GCVE-0-2007-4394)

    Vulnerability from nvd – Published: 2007-08-17 22:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/46404 vdb-entryx_refsource_OSVDB
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/26395 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:55.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46404",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46404"
              },
              {
                "name": "SUSE-SR:2007:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
              },
              {
                "name": "26395",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26395"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46404",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46404"
            },
            {
              "name": "SUSE-SR:2007:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
            },
            {
              "name": "26395",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26395"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46404",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46404"
                },
                {
                  "name": "SUSE-SR:2007:016",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
                },
                {
                  "name": "26395",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26395"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4394",
        "datePublished": "2007-08-17T22:00:00.000Z",
        "dateReserved": "2007-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:55.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1285 (GCVE-0-2007-1285)

    Vulnerability from nvd – Published: 2007-03-06 20:00 – Updated: 2024-08-07 12:50
    VLAI
    Summary
    The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://launchpad.net/bugs/173043 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/22764 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2007-0154.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/26048 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/466166/100… mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200705-19.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24941 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27864 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    http://us2.php.net/releases/4_4_7.php x_refsource_CONFIRM
    http://www.php.net/releases/4_4_8.php x_refsource_CONFIRM
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    http://www.php.net/ChangeLog-5.php#5.2.4 x_refsource_CONFIRM
    http://secunia.com/advisories/28936 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.php-security.org/MOPB/MOPB-03-2007.html x_refsource_MISC
    https://usn.ubuntu.com/549-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/24909 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/24945 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://issues.rpath.com/browse/RPL-1268 x_refsource_CONFIRM
    http://www.osvdb.org/32769 vdb-entryx_refsource_OSVDB
    http://us2.php.net/releases/5_2_2.php x_refsource_CONFIRM
    http://www.securitytracker.com/id?1017771 vdb-entryx_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2007-00… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/24924 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2007-0155.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/24910 third-party-advisoryx_refsource_SECUNIA
    http://www.php.net/ChangeLog-4.php x_refsource_CONFIRM
    http://www.php.net/releases/5_2_4.php x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/25445 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2007-0163.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/usn-549-2 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/26642 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2007-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:50:35.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/173043"
              },
              {
                "name": "22764",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22764"
              },
              {
                "name": "RHSA-2007:0154",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
              },
              {
                "name": "26048",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26048"
              },
              {
                "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
              },
              {
                "name": "GLSA-200705-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
              },
              {
                "name": "24941",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24941"
              },
              {
                "name": "27864",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27864"
              },
              {
                "name": "RHSA-2007:0162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://us2.php.net/releases/4_4_7.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/releases/4_4_8.php"
              },
              {
                "name": "SSA:2008-045-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
              },
              {
                "name": "28936",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28936"
              },
              {
                "name": "MDKSA-2007:090",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
              },
              {
                "name": "USN-549-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/549-1/"
              },
              {
                "name": "24909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24909"
              },
              {
                "name": "MDKSA-2007:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
              },
              {
                "name": "24945",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24945"
              },
              {
                "name": "oval:org.mitre.oval:def:11017",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1268"
              },
              {
                "name": "32769",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32769"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://us2.php.net/releases/5_2_2.php"
              },
              {
                "name": "1017771",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017771"
              },
              {
                "name": "RHSA-2007:0082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
              },
              {
                "name": "24924",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24924"
              },
              {
                "name": "RHSA-2007:0155",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
              },
              {
                "name": "24910",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24910"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-4.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/releases/5_2_4.php"
              },
              {
                "name": "MDKSA-2007:089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
              },
              {
                "name": "25445",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25445"
              },
              {
                "name": "RHSA-2007:0163",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
              },
              {
                "name": "USN-549-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-549-2"
              },
              {
                "name": "26642",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26642"
              },
              {
                "name": "MDKSA-2007:088",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
              },
              {
                "name": "SUSE-SA:2007:044",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/bugs/173043"
            },
            {
              "name": "22764",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22764"
            },
            {
              "name": "RHSA-2007:0154",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
            },
            {
              "name": "26048",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26048"
            },
            {
              "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
            },
            {
              "name": "GLSA-200705-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
            },
            {
              "name": "24941",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24941"
            },
            {
              "name": "27864",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27864"
            },
            {
              "name": "RHSA-2007:0162",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://us2.php.net/releases/4_4_7.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/releases/4_4_8.php"
            },
            {
              "name": "SSA:2008-045-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
            },
            {
              "name": "28936",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28936"
            },
            {
              "name": "MDKSA-2007:090",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
            },
            {
              "name": "USN-549-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/549-1/"
            },
            {
              "name": "24909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24909"
            },
            {
              "name": "MDKSA-2007:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
            },
            {
              "name": "24945",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24945"
            },
            {
              "name": "oval:org.mitre.oval:def:11017",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1268"
            },
            {
              "name": "32769",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32769"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://us2.php.net/releases/5_2_2.php"
            },
            {
              "name": "1017771",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017771"
            },
            {
              "name": "RHSA-2007:0082",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
            },
            {
              "name": "24924",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24924"
            },
            {
              "name": "RHSA-2007:0155",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
            },
            {
              "name": "24910",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24910"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-4.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/releases/5_2_4.php"
            },
            {
              "name": "MDKSA-2007:089",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
            },
            {
              "name": "25445",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25445"
            },
            {
              "name": "RHSA-2007:0163",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
            },
            {
              "name": "USN-549-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-549-2"
            },
            {
              "name": "26642",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26642"
            },
            {
              "name": "MDKSA-2007:088",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
            },
            {
              "name": "SUSE-SA:2007:044",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.net/bugs/173043",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/bugs/173043"
                },
                {
                  "name": "22764",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22764"
                },
                {
                  "name": "RHSA-2007:0154",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
                },
                {
                  "name": "26048",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26048"
                },
                {
                  "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
                },
                {
                  "name": "GLSA-200705-19",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
                },
                {
                  "name": "24941",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24941"
                },
                {
                  "name": "27864",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27864"
                },
                {
                  "name": "RHSA-2007:0162",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
                },
                {
                  "name": "http://us2.php.net/releases/4_4_7.php",
                  "refsource": "CONFIRM",
                  "url": "http://us2.php.net/releases/4_4_7.php"
                },
                {
                  "name": "http://www.php.net/releases/4_4_8.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/releases/4_4_8.php"
                },
                {
                  "name": "SSA:2008-045-03",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
                },
                {
                  "name": "http://www.php.net/ChangeLog-5.php#5.2.4",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
                },
                {
                  "name": "28936",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28936"
                },
                {
                  "name": "MDKSA-2007:090",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
                },
                {
                  "name": "http://www.php-security.org/MOPB/MOPB-03-2007.html",
                  "refsource": "MISC",
                  "url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
                },
                {
                  "name": "USN-549-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/549-1/"
                },
                {
                  "name": "24909",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24909"
                },
                {
                  "name": "MDKSA-2007:087",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
                },
                {
                  "name": "24945",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24945"
                },
                {
                  "name": "oval:org.mitre.oval:def:11017",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1268",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1268"
                },
                {
                  "name": "32769",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32769"
                },
                {
                  "name": "http://us2.php.net/releases/5_2_2.php",
                  "refsource": "CONFIRM",
                  "url": "http://us2.php.net/releases/5_2_2.php"
                },
                {
                  "name": "1017771",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017771"
                },
                {
                  "name": "RHSA-2007:0082",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
                },
                {
                  "name": "24924",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24924"
                },
                {
                  "name": "RHSA-2007:0155",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
                },
                {
                  "name": "24910",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24910"
                },
                {
                  "name": "http://www.php.net/ChangeLog-4.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/ChangeLog-4.php"
                },
                {
                  "name": "http://www.php.net/releases/5_2_4.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/releases/5_2_4.php"
                },
                {
                  "name": "MDKSA-2007:089",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
                },
                {
                  "name": "25445",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25445"
                },
                {
                  "name": "RHSA-2007:0163",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
                },
                {
                  "name": "USN-549-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-549-2"
                },
                {
                  "name": "26642",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26642"
                },
                {
                  "name": "MDKSA-2007:088",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
                },
                {
                  "name": "SUSE-SA:2007:044",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1285",
        "datePublished": "2007-03-06T20:00:00.000Z",
        "dateReserved": "2007-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:50:35.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-31431 (GCVE-0-2026-31431)

    Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-06-30 12:07
    VLAI CISA CIRCL KEVIntel
    Title
    crypto: algif_aead - Revert to operating out-of-place
    Summary
    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://git.kernel.org/stable/c/893d22e0135fa394d…
    https://git.kernel.org/stable/c/19d43105a97be0810…
    https://git.kernel.org/stable/c/961cfa271a918ad4a…
    https://git.kernel.org/stable/c/3115af9644c342b35…
    https://git.kernel.org/stable/c/8b88d99341f139e23…
    https://git.kernel.org/stable/c/fafe0fa2995a0f707…
    https://git.kernel.org/stable/c/ce42ee423e58dffa5…
    https://git.kernel.org/stable/c/a664bf3d603dc3bdc…
    https://github.com/theori-io/copy-fail-CVE-2026-31431 exploit
    https://xint.io/blog/copy-fail-linux-distribution… mitigation
    https://lore.kernel.org/linux-cve-announce/202604… mitigation
    https://access.redhat.com/security/cve/cve-2026-3… mitigation
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    http://www.openwall.com/lists/oss-security/2026/0…
    https://copy.fail
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/04/30/2
    http://www.openwall.com/lists/oss-security/2026/04/30/5
    http://www.openwall.com/lists/oss-security/2026/04/30/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://websec.net/blog/cve-2026-31431-linux-algi…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/01/2
    http://www.openwall.com/lists/oss-security/2026/05/01/3
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/02/4
    http://www.openwall.com/lists/oss-security/2026/05/02/5
    http://www.openwall.com/lists/oss-security/2026/05/02/6
    http://www.openwall.com/lists/oss-security/2026/05/02/7
    http://www.openwall.com/lists/oss-security/2026/05/02/8
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/3
    http://www.openwall.com/lists/oss-security/2026/05/03/4
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/03/5
    http://www.openwall.com/lists/oss-security/2026/05/03/6
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/1
    http://www.openwall.com/lists/oss-security/2026/05/04/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/04/8
    http://www.openwall.com/lists/oss-security/2026/05/04/9
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/05/06/5
    http://www.openwall.com/lists/oss-security/2026/05/07/2
    http://www.openwall.com/lists/oss-security/2026/0…
    http://www.openwall.com/lists/oss-security/2026/0…
    https://www.kb.cert.org/vuls/id/260001
    http://www.openwall.com/lists/oss-security/2026/05/18/3
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://access.redhat.com/security/cve/CVE-2026-31431 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2460538 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:14926 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14097 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14112 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13729 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13885 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13727 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13862 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13811 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13887 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13566 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19074 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13936 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13734 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13932 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14339 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13565 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19225 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13577 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15976 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14165 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14230 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16111 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13681 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16208 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16063 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16018 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15978 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13578 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14137 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14301 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Linux Linux Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
    Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)
    Create a notification for this product.
    Linux Linux Affected: 4.14
    Unaffected: 0 , < 4.14 (semver)
    Unaffected: 5.10.254 , ≤ 5.10.* (semver)
    Unaffected: 5.15.204 , ≤ 5.15.* (semver)
    Unaffected: 6.1.170 , ≤ 6.1.* (semver)
    Unaffected: 6.6.137 , ≤ 6.6.* (semver)
    Unaffected: 6.12.85 , ≤ 6.12.* (semver)
    Unaffected: 6.18.22 , ≤ 6.18.* (semver)
    Unaffected: 6.19.12 , ≤ 6.19.* (semver)
    Unaffected: 7.0 , ≤ * (original_commit_for_fix)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: V3.1.5 , < * (custom)
    Create a notification for this product.
    Red Hat NVIDIA for RHEL 10     cpe:/a:redhat:enterprise_linux_nvidia:10::el10
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CRB (v. 8)     cpe:/a:redhat:enterprise_linux:8::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::crb
    Create a notification for this product.
    Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV (v. 8)     cpe:/a:redhat:enterprise_linux:8::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux NFV E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time for NFV (v. 9)     cpe:/a:redhat:enterprise_linux:9::nfv
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux RT (v. 8)     cpe:/a:redhat:enterprise_linux:8::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux Real Time (v. 9)     cpe:/a:redhat:enterprise_linux:9::realtime
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31431",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-05-01",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-669",
                    "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-02T03:55:23.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
              },
              {
                "tags": [
                  "mitigation"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-01T00:00:00.000Z",
                "value": "CVE-2026-31431 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-18T17:44:54.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
              },
              {
                "url": "https://copy.fail"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
              },
              {
                "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/260001"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T12:09:03.910Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
                ],
                "defaultStatus": "affected",
                "product": "NVIDIA for RHEL 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CRB (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::crb"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::nfv"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1",
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux RT (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::realtime"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Real Time (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-22T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1288",
                    "description": "Improper Validation of Consistency within Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:50.470Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
              },
              {
                "name": "RHBZ#2460538",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14926"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14097"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14112"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13729"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13885"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13727"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13862"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13811"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13887"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13566"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19074"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13936"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13734"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13932"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14339"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13565"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13577"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15976"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14230"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16111"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13681"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16210"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16209"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16208"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16018"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15978"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13578"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14137"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14301"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:14926: NVIDIA for RHEL 10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-22T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "kernel: crypto: algif_aead - Revert to operating out-of-place",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "lessThan": "893d22e0135fa394db81df88697fba6032747667",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                },
                {
                  "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
                  "status": "affected",
                  "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Linux",
              "programFiles": [
                "crypto/af_alg.c",
                "crypto/algif_aead.c",
                "crypto/algif_skcipher.c",
                "include/crypto/if_alg.h"
              ],
              "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
              "vendor": "Linux",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "lessThan": "4.14",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.10.*",
                  "status": "unaffected",
                  "version": "5.10.254",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.15.*",
                  "status": "unaffected",
                  "version": "5.15.204",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.1.*",
                  "status": "unaffected",
                  "version": "6.1.170",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.6.*",
                  "status": "unaffected",
                  "version": "6.6.137",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.12.*",
                  "status": "unaffected",
                  "version": "6.12.85",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.18.*",
                  "status": "unaffected",
                  "version": "6.18.22",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "6.19.*",
                  "status": "unaffected",
                  "version": "6.19.12",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "7.0",
                  "versionType": "original_commit_for_fix"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.254",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.15.204",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.170",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.6.137",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.12.85",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.18.22",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.19.12",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0",
                      "versionStartIncluding": "4.14",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T22:08:34.612Z",
            "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "shortName": "Linux"
          },
          "references": [
            {
              "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
            },
            {
              "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
            },
            {
              "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
            },
            {
              "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
            },
            {
              "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
            },
            {
              "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
            },
            {
              "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
            },
            {
              "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
            }
          ],
          "title": "crypto: algif_aead - Revert to operating out-of-place",
          "x_generator": {
            "engine": "bippy-1.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "assignerShortName": "Linux",
        "cveId": "CVE-2026-31431",
        "datePublished": "2026-04-22T08:15:10.123Z",
        "dateReserved": "2026-03-09T15:48:24.089Z",
        "dateUpdated": "2026-06-30T12:07:50.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12084 (GCVE-0-2024-12084)

    Vulnerability from cvelistv5 – Published: 2025-01-15 14:16 – Updated: 2026-06-29 20:31
    VLAI
    Title
    Rsync: heap buffer overflow in rsync due to improper checksum length handling
    Summary
    A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 3.2.7
    Affected: 3.3.0
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-01-14 15:06
    Credits
    Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12084",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T04:55:13.179697Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:06.939Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:52:08.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/01/14/6"
              },
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/952657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/RsyncProject/rsync",
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.7"
                },
                {
                  "status": "affected",
                  "version": "3.3.0"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.1-2.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-14T15:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Critical"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T20:31:56.456Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:6470",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:6470"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12084"
            },
            {
              "name": "RHBZ#2330527",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527"
            },
            {
              "url": "https://kb.cert.org/vuls/id/952657"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-12-05T09:32:44.653Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-14T15:06:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rsync: heap buffer overflow in rsync due to improper checksum length handling",
          "workarounds": [
            {
              "lang": "en",
              "value": "Red Hat recommends filtering untrusted connections to Rsync via firewall rules on the host and on network firewall appliances.\n\nAdditionally, systems which only need to provide remote Rsync access to users with known identities can enable authentication using the ```auth users``` parameter in their rsyncd configuration file (rsyncd.conf). \n\nSystems that provide anonymous read access to hosted files via Rsync, such as mirror hosts, do not have reasonable mitigation options available. We strongly urge operators using vulnerable versions of Rsync to update as soon as possible."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12084",
        "datePublished": "2025-01-15T14:16:35.363Z",
        "dateReserved": "2024-12-03T08:57:42.580Z",
        "dateUpdated": "2026-06-29T20:31:56.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12088 (GCVE-0-2024-12088)

    Vulnerability from cvelistv5 – Published: 2025-01-14 17:38 – Updated: 2026-06-29 23:43
    VLAI
    Title
    Rsync: --safe-links option bypass leads to path traversal
    Summary
    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , ≤ 3.3.0 (semver)
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.1.3-21.el8_10 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-3.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat Discovery 1.14 Unaffected: 1.14.2-1748467619 , < * (rpm)
        cpe:/a:redhat:discovery:1.14::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Date Public
    2025-01-14 15:06
    Credits
    Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T14:13:08.347346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T14:13:22.355Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:52:20.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/952657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/RsyncProject/rsync",
              "defaultStatus": "unaffected",
              "packageName": "rsync",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.4.1-2.el10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.1.3-21.el8_10",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.5-3.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/o:redhat:enterprise_linux:9::baseos"
              ],
              "defaultStatus": "affected",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:3.2.5-3.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:discovery:1.14::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "discovery/discovery-ui-rhel9",
              "product": "Red Hat Discovery 1.14",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1.14.2-1748467619",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "rsync",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
            }
          ],
          "datePublic": "2025-01-14T15:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T23:43:47.457Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHBA-2025:6470",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2025:6470"
            },
            {
              "name": "RHSA-2025:2600",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:2600"
            },
            {
              "name": "RHSA-2025:7050",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:7050"
            },
            {
              "name": "RHSA-2025:8385",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:8385"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-12088"
            },
            {
              "name": "RHBZ#2330676",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
            },
            {
              "url": "https://kb.cert.org/vuls/id/952657"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-12-05T21:55:22.700Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-01-14T15:06:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rsync: --safe-links option bypass leads to path traversal",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-12088",
        "datePublished": "2025-01-14T17:38:34.890Z",
        "dateReserved": "2024-12-03T08:58:08.307Z",
        "dateUpdated": "2026-06-29T23:43:47.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-2566 (GCVE-0-2015-2566)

    Vulnerability from cvelistv5 – Published: 2015-04-16 16:00 – Updated: 2024-08-06 05:17
    VLAI
    Summary
    Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201507-19 vendor-advisoryx_refsource_GENTOO
    http://www.securitytracker.com/id/1032121 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:17:27.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201507-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-19"
              },
              {
                "name": "1032121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032121"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
              },
              {
                "name": "SUSE-SU-2015:0946",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T16:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "GLSA-201507-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-19"
            },
            {
              "name": "1032121",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032121"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2015-2566",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201507-19",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-19"
                },
                {
                  "name": "1032121",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032121"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
                },
                {
                  "name": "SUSE-SU-2015:0946",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2015-2566",
        "datePublished": "2015-04-16T16:00:00.000Z",
        "dateReserved": "2015-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:17:27.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2567 (GCVE-0-2015-2567)

    Vulnerability from cvelistv5 – Published: 2015-04-16 16:00 – Updated: 2024-08-06 05:17
    VLAI
    Summary
    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://security.gentoo.org/glsa/201507-19 vendor-advisoryx_refsource_GENTOO
    http://www.securitytracker.com/id/1032121 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2015-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:17:27.332Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GLSA-201507-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201507-19"
              },
              {
                "name": "1032121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032121"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
              },
              {
                "name": "SUSE-SU-2015:0946",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-30T16:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "GLSA-201507-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201507-19"
            },
            {
              "name": "1032121",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032121"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
            },
            {
              "name": "SUSE-SU-2015:0946",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2015-2567",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "GLSA-201507-19",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201507-19"
                },
                {
                  "name": "1032121",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032121"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
                },
                {
                  "name": "SUSE-SU-2015:0946",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2015-2567",
        "datePublished": "2015-04-16T16:00:00.000Z",
        "dateReserved": "2015-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:17:27.332Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4854 (GCVE-0-2013-4854)

    Vulnerability from cvelistv5 – Published: 2013-07-26 23:00 – Updated: 2024-08-06 16:59
    VLAI KEVIntel
    Summary
    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://h20564.www2.hp.com/portal/site/hpsc/publi… vendor-advisoryx_refsource_HP
    https://kb.isc.org/article/AA-01015 x_refsource_CONFIRM
    http://archives.neohapsis.com/archives/bugtraq/20… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/54134 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://linux.oracle.com/errata/ELSA-2014-1244 x_refsource_CONFIRM
    http://secunia.com/advisories/54185 third-party-advisoryx_refsource_SECUNIA
    http://www.freebsd.org/security/advisories/FreeBS… vendor-advisoryx_refsource_FREEBSD
    https://kb.isc.org/article/AA-01016 x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_MISC
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/54207 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/kb/HT6536 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.zerodayinitiative.com/advisories/ZDI-13-210/ x_refsource_MISC
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://rhn.redhat.com/errata/RHSA-2013-1114.html vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/61479 vdb-entryx_refsource_BID
    http://secunia.com/advisories/54323 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/54211 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-1910-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2013/dsa-2728 vendor-advisoryx_refsource_DEBIAN
    http://www.securitytracker.com/id/1028838 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2013-1115.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/54432 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2013-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:59:39.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2013-13863",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
              },
              {
                "name": "HPSBUX02926",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.isc.org/article/AA-01015"
              },
              {
                "name": "APPLE-SA-2014-10-16-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
              },
              {
                "name": "54134",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54134"
              },
              {
                "name": "MDVSA-2013:202",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://linux.oracle.com/errata/ELSA-2014-1244"
              },
              {
                "name": "54185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54185"
              },
              {
                "name": "FreeBSD-SA-13:07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.isc.org/article/AA-01016"
              },
              {
                "name": "oval:org.mitre.oval:def:19561",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
              },
              {
                "name": "FEDORA-2013-13831",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
              },
              {
                "name": "54207",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54207"
              },
              {
                "name": "openSUSE-SU-2013:1354",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT6536"
              },
              {
                "name": "isc-bind-cve20134854-dos(86004)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
              },
              {
                "name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
              },
              {
                "name": "RHSA-2013:1114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
              },
              {
                "name": "61479",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/61479"
              },
              {
                "name": "54323",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54323"
              },
              {
                "name": "SUSE-SU-2013:1310",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
              },
              {
                "name": "54211",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54211"
              },
              {
                "name": "USN-1910-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1910-1"
              },
              {
                "name": "DSA-2728",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2013/dsa-2728"
              },
              {
                "name": "1028838",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1028838"
              },
              {
                "name": "RHSA-2013:1115",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
              },
              {
                "name": "SSRT101281",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
              },
              {
                "name": "54432",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2013-13863",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
            },
            {
              "name": "HPSBUX02926",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.isc.org/article/AA-01015"
            },
            {
              "name": "APPLE-SA-2014-10-16-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
            },
            {
              "name": "54134",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54134"
            },
            {
              "name": "MDVSA-2013:202",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://linux.oracle.com/errata/ELSA-2014-1244"
            },
            {
              "name": "54185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54185"
            },
            {
              "name": "FreeBSD-SA-13:07",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.isc.org/article/AA-01016"
            },
            {
              "name": "oval:org.mitre.oval:def:19561",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
            },
            {
              "name": "FEDORA-2013-13831",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
            },
            {
              "name": "54207",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54207"
            },
            {
              "name": "openSUSE-SU-2013:1354",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT6536"
            },
            {
              "name": "isc-bind-cve20134854-dos(86004)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
            },
            {
              "name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
            },
            {
              "name": "RHSA-2013:1114",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
            },
            {
              "name": "61479",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/61479"
            },
            {
              "name": "54323",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54323"
            },
            {
              "name": "SUSE-SU-2013:1310",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
            },
            {
              "name": "54211",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54211"
            },
            {
              "name": "USN-1910-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1910-1"
            },
            {
              "name": "DSA-2728",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2013/dsa-2728"
            },
            {
              "name": "1028838",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1028838"
            },
            {
              "name": "RHSA-2013:1115",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
            },
            {
              "name": "SSRT101281",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
            },
            {
              "name": "54432",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-4854",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2013-13863",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html"
                },
                {
                  "name": "HPSBUX02926",
                  "refsource": "HP",
                  "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
                },
                {
                  "name": "https://kb.isc.org/article/AA-01015",
                  "refsource": "CONFIRM",
                  "url": "https://kb.isc.org/article/AA-01015"
                },
                {
                  "name": "APPLE-SA-2014-10-16-3",
                  "refsource": "APPLE",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
                },
                {
                  "name": "54134",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54134"
                },
                {
                  "name": "MDVSA-2013:202",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:202"
                },
                {
                  "name": "http://linux.oracle.com/errata/ELSA-2014-1244",
                  "refsource": "CONFIRM",
                  "url": "http://linux.oracle.com/errata/ELSA-2014-1244"
                },
                {
                  "name": "54185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54185"
                },
                {
                  "name": "FreeBSD-SA-13:07",
                  "refsource": "FREEBSD",
                  "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc"
                },
                {
                  "name": "https://kb.isc.org/article/AA-01016",
                  "refsource": "CONFIRM",
                  "url": "https://kb.isc.org/article/AA-01016"
                },
                {
                  "name": "oval:org.mitre.oval:def:19561",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052",
                  "refsource": "MISC",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10052"
                },
                {
                  "name": "FEDORA-2013-13831",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html"
                },
                {
                  "name": "54207",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54207"
                },
                {
                  "name": "openSUSE-SU-2013:1354",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html"
                },
                {
                  "name": "https://support.apple.com/kb/HT6536",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT6536"
                },
                {
                  "name": "isc-bind-cve20134854-dos(86004)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86004"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-13-210/"
                },
                {
                  "name": "20130806 [slackware-security] bind (SSA:2013-218-01)",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html"
                },
                {
                  "name": "RHSA-2013:1114",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1114.html"
                },
                {
                  "name": "61479",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/61479"
                },
                {
                  "name": "54323",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54323"
                },
                {
                  "name": "SUSE-SU-2013:1310",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html"
                },
                {
                  "name": "54211",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54211"
                },
                {
                  "name": "USN-1910-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1910-1"
                },
                {
                  "name": "DSA-2728",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2013/dsa-2728"
                },
                {
                  "name": "1028838",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1028838"
                },
                {
                  "name": "RHSA-2013:1115",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1115.html"
                },
                {
                  "name": "SSRT101281",
                  "refsource": "HP",
                  "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396"
                },
                {
                  "name": "54432",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-4854",
        "datePublished": "2013-07-26T23:00:00.000Z",
        "dateReserved": "2013-07-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:59:39.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0988 (GCVE-0-2011-0988)

    Vulnerability from cvelistv5 – Published: 2011-04-18 17:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/44039 third-party-advisoryx_refsource_SECUNIA
    https://hermes.opensuse.org/messages/7849430 vendor-advisoryx_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2011-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.609Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "44039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44039"
              },
              {
                "name": "SUSE-SU-2011:0306",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/7849430"
              },
              {
                "name": "sles-pureftpd-privilege-escalation(66618)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "44039",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44039"
            },
            {
              "name": "SUSE-SU-2011:0306",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/7849430"
            },
            {
              "name": "sles-pureftpd-privilege-escalation(66618)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0988",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "44039",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44039"
                },
                {
                  "name": "SUSE-SU-2011:0306",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/7849430"
                },
                {
                  "name": "sles-pureftpd-privilege-escalation(66618)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66618"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0988",
        "datePublished": "2011-04-18T17:00:00.000Z",
        "dateReserved": "2011-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3912 (GCVE-0-2010-3912)

    Vulnerability from cvelistv5 – Published: 2011-01-12 23:00 – Updated: 2024-08-07 03:26
    VLAI
    Summary
    The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/42877 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/70405 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2011/0076 vdb-entryx_refsource_VUPEN
    Date Public
    2011-01-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:26:12.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2011:001",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
              },
              {
                "name": "suse-linux-supportconfig-unspecified(64690)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
              },
              {
                "name": "42877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42877"
              },
              {
                "name": "70405",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70405"
              },
              {
                "name": "ADV-2011-0076",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0076"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SR:2011:001",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
            },
            {
              "name": "suse-linux-supportconfig-unspecified(64690)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
            },
            {
              "name": "42877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42877"
            },
            {
              "name": "70405",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70405"
            },
            {
              "name": "ADV-2011-0076",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0076"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3912",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not \"disguise passwords\" in configuration files, which has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SR:2011:001",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
                },
                {
                  "name": "suse-linux-supportconfig-unspecified(64690)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64690"
                },
                {
                  "name": "42877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42877"
                },
                {
                  "name": "70405",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70405"
                },
                {
                  "name": "ADV-2011-0076",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0076"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3912",
        "datePublished": "2011-01-12T23:00:00.000Z",
        "dateReserved": "2010-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:26:12.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3110 (GCVE-0-2010-3110)

    Vulnerability from cvelistv5 – Published: 2010-10-12 19:00 – Updated: 2024-09-16 22:36
    VLAI
    Summary
    Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2010:033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-10-12T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2010:033",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3110",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2010:033",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3110",
        "datePublished": "2010-10-12T19:00:00.000Z",
        "dateReserved": "2010-08-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:36:15.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1507 (GCVE-0-2010-1507)

    Vulnerability from cvelistv5 – Published: 2010-09-03 19:00 – Updated: 2024-09-16 17:08
    VLAI
    Summary
    WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:28:41.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
              },
              {
                "name": "42128",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42128"
              },
              {
                "name": "SUSE-SR:2010:014",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-09-03T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
            },
            {
              "name": "42128",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42128"
            },
            {
              "name": "SUSE-SR:2010:014",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1507",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance\u0027s image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=591345",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=591345"
                },
                {
                  "name": "http://support.novell.com/security/cve/CVE-2010-1507.html",
                  "refsource": "CONFIRM",
                  "url": "http://support.novell.com/security/cve/CVE-2010-1507.html"
                },
                {
                  "name": "42128",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/42128"
                },
                {
                  "name": "SUSE-SR:2010:014",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=598834",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=598834"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1507",
        "datePublished": "2010-09-03T19:00:00.000Z",
        "dateReserved": "2010-04-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:08:35.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1297 (GCVE-0-2009-1297)

    Vulnerability from cvelistv5 – Published: 2009-10-23 18:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-10-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:49.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2013:109",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
              },
              {
                "name": "SUSE-SR:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-10-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-11T01:57:00.000Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "name": "MDVSA-2013:109",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
            },
            {
              "name": "SUSE-SR:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@ubuntu.com",
              "ID": "CVE-2009-1297",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDVSA-2013:109",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:109"
                },
                {
                  "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0241"
                },
                {
                  "name": "SUSE-SR:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2009-1297",
        "datePublished": "2009-10-23T18:00:00.000Z",
        "dateReserved": "2009-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:49.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4432 (GCVE-0-2007-4432)

    Vulnerability from cvelistv5 – Published: 2007-08-20 19:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/46783 vdb-entryx_refsource_OSVDB
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/26543 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/46781 vdb-entryx_refsource_OSVDB
    http://osvdb.org/46784 vdb-entryx_refsource_OSVDB
    http://osvdb.org/46782 vdb-entryx_refsource_OSVDB
    Date Public
    2007-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:55.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46783",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46783"
              },
              {
                "name": "SUSE-SR:2007:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
              },
              {
                "name": "26543",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26543"
              },
              {
                "name": "46781",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46781"
              },
              {
                "name": "46784",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46784"
              },
              {
                "name": "46782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46782"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-09-13T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46783",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46783"
            },
            {
              "name": "SUSE-SR:2007:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
            },
            {
              "name": "26543",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26543"
            },
            {
              "name": "46781",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46781"
            },
            {
              "name": "46784",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46784"
            },
            {
              "name": "46782",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46782"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46783",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46783"
                },
                {
                  "name": "SUSE-SR:2007:017",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
                },
                {
                  "name": "26543",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26543"
                },
                {
                  "name": "46781",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46781"
                },
                {
                  "name": "46784",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46784"
                },
                {
                  "name": "46782",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46782"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4432",
        "datePublished": "2007-08-20T19:00:00.000Z",
        "dateReserved": "2007-08-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:55.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4394 (GCVE-0-2007-4394)

    Vulnerability from cvelistv5 – Published: 2007-08-17 22:00 – Updated: 2024-08-07 14:53
    VLAI
    Summary
    Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/46404 vdb-entryx_refsource_OSVDB
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/26395 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:53:55.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46404",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/46404"
              },
              {
                "name": "SUSE-SR:2007:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
              },
              {
                "name": "26395",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26395"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "46404",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/46404"
            },
            {
              "name": "SUSE-SR:2007:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
            },
            {
              "name": "26395",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26395"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in a \"core clean\" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "46404",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/46404"
                },
                {
                  "name": "SUSE-SR:2007:016",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html"
                },
                {
                  "name": "26395",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26395"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4394",
        "datePublished": "2007-08-17T22:00:00.000Z",
        "dateReserved": "2007-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:53:55.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1285 (GCVE-0-2007-1285)

    Vulnerability from cvelistv5 – Published: 2007-03-06 20:00 – Updated: 2024-08-07 12:50
    VLAI
    Summary
    The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://launchpad.net/bugs/173043 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/22764 vdb-entryx_refsource_BID
    http://rhn.redhat.com/errata/RHSA-2007-0154.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/26048 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/466166/100… mailing-listx_refsource_BUGTRAQ
    http://security.gentoo.org/glsa/glsa-200705-19.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/24941 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27864 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2007-01… vendor-advisoryx_refsource_REDHAT
    http://us2.php.net/releases/4_4_7.php x_refsource_CONFIRM
    http://www.php.net/releases/4_4_8.php x_refsource_CONFIRM
    http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
    http://www.php.net/ChangeLog-5.php#5.2.4 x_refsource_CONFIRM
    http://secunia.com/advisories/28936 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.php-security.org/MOPB/MOPB-03-2007.html x_refsource_MISC
    https://usn.ubuntu.com/549-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/24909 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/24945 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://issues.rpath.com/browse/RPL-1268 x_refsource_CONFIRM
    http://www.osvdb.org/32769 vdb-entryx_refsource_OSVDB
    http://us2.php.net/releases/5_2_2.php x_refsource_CONFIRM
    http://www.securitytracker.com/id?1017771 vdb-entryx_refsource_SECTRACK
    http://www.redhat.com/support/errata/RHSA-2007-00… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/24924 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2007-0155.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/24910 third-party-advisoryx_refsource_SECUNIA
    http://www.php.net/ChangeLog-4.php x_refsource_CONFIRM
    http://www.php.net/releases/5_2_4.php x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/25445 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2007-0163.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/usn-549-2 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/26642 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2007-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:50:35.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/173043"
              },
              {
                "name": "22764",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22764"
              },
              {
                "name": "RHSA-2007:0154",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
              },
              {
                "name": "26048",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26048"
              },
              {
                "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
              },
              {
                "name": "GLSA-200705-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
              },
              {
                "name": "24941",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24941"
              },
              {
                "name": "27864",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27864"
              },
              {
                "name": "RHSA-2007:0162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://us2.php.net/releases/4_4_7.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/releases/4_4_8.php"
              },
              {
                "name": "SSA:2008-045-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
              },
              {
                "name": "28936",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28936"
              },
              {
                "name": "MDKSA-2007:090",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
              },
              {
                "name": "USN-549-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/549-1/"
              },
              {
                "name": "24909",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24909"
              },
              {
                "name": "MDKSA-2007:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
              },
              {
                "name": "24945",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24945"
              },
              {
                "name": "oval:org.mitre.oval:def:11017",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1268"
              },
              {
                "name": "32769",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/32769"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://us2.php.net/releases/5_2_2.php"
              },
              {
                "name": "1017771",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017771"
              },
              {
                "name": "RHSA-2007:0082",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
              },
              {
                "name": "24924",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24924"
              },
              {
                "name": "RHSA-2007:0155",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
              },
              {
                "name": "24910",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24910"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/ChangeLog-4.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.php.net/releases/5_2_4.php"
              },
              {
                "name": "MDKSA-2007:089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
              },
              {
                "name": "25445",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25445"
              },
              {
                "name": "RHSA-2007:0163",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
              },
              {
                "name": "USN-549-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-549-2"
              },
              {
                "name": "26642",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26642"
              },
              {
                "name": "MDKSA-2007:088",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
              },
              {
                "name": "SUSE-SA:2007:044",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/bugs/173043"
            },
            {
              "name": "22764",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22764"
            },
            {
              "name": "RHSA-2007:0154",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
            },
            {
              "name": "26048",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26048"
            },
            {
              "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
            },
            {
              "name": "GLSA-200705-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
            },
            {
              "name": "24941",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24941"
            },
            {
              "name": "27864",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27864"
            },
            {
              "name": "RHSA-2007:0162",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://us2.php.net/releases/4_4_7.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/releases/4_4_8.php"
            },
            {
              "name": "SSA:2008-045-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
            },
            {
              "name": "28936",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28936"
            },
            {
              "name": "MDKSA-2007:090",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
            },
            {
              "name": "USN-549-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/549-1/"
            },
            {
              "name": "24909",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24909"
            },
            {
              "name": "MDKSA-2007:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
            },
            {
              "name": "24945",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24945"
            },
            {
              "name": "oval:org.mitre.oval:def:11017",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1268"
            },
            {
              "name": "32769",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/32769"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://us2.php.net/releases/5_2_2.php"
            },
            {
              "name": "1017771",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017771"
            },
            {
              "name": "RHSA-2007:0082",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
            },
            {
              "name": "24924",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24924"
            },
            {
              "name": "RHSA-2007:0155",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
            },
            {
              "name": "24910",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24910"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/ChangeLog-4.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.php.net/releases/5_2_4.php"
            },
            {
              "name": "MDKSA-2007:089",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
            },
            {
              "name": "25445",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25445"
            },
            {
              "name": "RHSA-2007:0163",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
            },
            {
              "name": "USN-549-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-549-2"
            },
            {
              "name": "26642",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26642"
            },
            {
              "name": "MDKSA-2007:088",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
            },
            {
              "name": "SUSE-SA:2007:044",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.net/bugs/173043",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/bugs/173043"
                },
                {
                  "name": "22764",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22764"
                },
                {
                  "name": "RHSA-2007:0154",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0154.html"
                },
                {
                  "name": "26048",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26048"
                },
                {
                  "name": "20070418 rPSA-2007-0073-1 php php-mysql php-pgsql",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/466166/100/0/threaded"
                },
                {
                  "name": "GLSA-200705-19",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
                },
                {
                  "name": "24941",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24941"
                },
                {
                  "name": "27864",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27864"
                },
                {
                  "name": "RHSA-2007:0162",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0162.html"
                },
                {
                  "name": "http://us2.php.net/releases/4_4_7.php",
                  "refsource": "CONFIRM",
                  "url": "http://us2.php.net/releases/4_4_7.php"
                },
                {
                  "name": "http://www.php.net/releases/4_4_8.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/releases/4_4_8.php"
                },
                {
                  "name": "SSA:2008-045-03",
                  "refsource": "SLACKWARE",
                  "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.335136"
                },
                {
                  "name": "http://www.php.net/ChangeLog-5.php#5.2.4",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/ChangeLog-5.php#5.2.4"
                },
                {
                  "name": "28936",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28936"
                },
                {
                  "name": "MDKSA-2007:090",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:090"
                },
                {
                  "name": "http://www.php-security.org/MOPB/MOPB-03-2007.html",
                  "refsource": "MISC",
                  "url": "http://www.php-security.org/MOPB/MOPB-03-2007.html"
                },
                {
                  "name": "USN-549-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/549-1/"
                },
                {
                  "name": "24909",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24909"
                },
                {
                  "name": "MDKSA-2007:087",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:087"
                },
                {
                  "name": "24945",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24945"
                },
                {
                  "name": "oval:org.mitre.oval:def:11017",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11017"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1268",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1268"
                },
                {
                  "name": "32769",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/32769"
                },
                {
                  "name": "http://us2.php.net/releases/5_2_2.php",
                  "refsource": "CONFIRM",
                  "url": "http://us2.php.net/releases/5_2_2.php"
                },
                {
                  "name": "1017771",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017771"
                },
                {
                  "name": "RHSA-2007:0082",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0082.html"
                },
                {
                  "name": "24924",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24924"
                },
                {
                  "name": "RHSA-2007:0155",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
                },
                {
                  "name": "24910",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24910"
                },
                {
                  "name": "http://www.php.net/ChangeLog-4.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/ChangeLog-4.php"
                },
                {
                  "name": "http://www.php.net/releases/5_2_4.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.php.net/releases/5_2_4.php"
                },
                {
                  "name": "MDKSA-2007:089",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:089"
                },
                {
                  "name": "25445",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25445"
                },
                {
                  "name": "RHSA-2007:0163",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2007-0163.html"
                },
                {
                  "name": "USN-549-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-549-2"
                },
                {
                  "name": "26642",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26642"
                },
                {
                  "name": "MDKSA-2007:088",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:088"
                },
                {
                  "name": "SUSE-SA:2007:044",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1285",
        "datePublished": "2007-03-06T20:00:00.000Z",
        "dateReserved": "2007-03-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:50:35.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4790 (GCVE-0-2005-4790)

    Vulnerability from cvelistv5 – Published: 2006-04-26 22:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://bugs.gentoo.org/show_bug.cgi?id=188806 x_refsource_MISC
    http://bugs.gentoo.org/show_bug.cgi?id=199841 x_refsource_CONFIRM
    http://secunia.com/advisories/27621 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/27608 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/28672 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.gnome.org/show_bug.cgi?id=485224 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://osvdb.org/39578 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/27799 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.redhat.com/show_bug.cgi?id=362941 x_refsource_CONFIRM
    http://bugs.gentoo.org/show_bug.cgi?id=189249 x_refsource_CONFIRM
    http://secunia.com/advisories/26480 third-party-advisoryx_refsource_SECUNIA
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/28339 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200711-12.xml vendor-advisoryx_refsource_GENTOO
    http://osvdb.org/39577 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/25341 vdb-entryx_refsource_BID
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://usn.ubuntu.com/560-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200801-14.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2005-10-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:22.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
              },
              {
                "name": "27621",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27621"
              },
              {
                "name": "27608",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27608"
              },
              {
                "name": "28672",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28672"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
              },
              {
                "name": "MDVSA-2008:064",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
              },
              {
                "name": "39578",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39578"
              },
              {
                "name": "27799",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27799"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
              },
              {
                "name": "26480",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26480"
              },
              {
                "name": "SUSE-SR:2005:022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
              },
              {
                "name": "28339",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28339"
              },
              {
                "name": "GLSA-200711-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
              },
              {
                "name": "39577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39577"
              },
              {
                "name": "25341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25341"
              },
              {
                "name": "FEDORA-2007-3011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
              },
              {
                "name": "USN-560-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/560-1/"
              },
              {
                "name": "FEDORA-2007-3792",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
              },
              {
                "name": "tomboy-ldlibrarypath-privilege-escalation(36054)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
              },
              {
                "name": "GLSA-200801-14",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.  NOTE: in August 2007, the tomboy vector was reported for other distributions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
            },
            {
              "name": "27621",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27621"
            },
            {
              "name": "27608",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27608"
            },
            {
              "name": "28672",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28672"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
            },
            {
              "name": "MDVSA-2008:064",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
            },
            {
              "name": "39578",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39578"
            },
            {
              "name": "27799",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27799"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
            },
            {
              "name": "26480",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26480"
            },
            {
              "name": "SUSE-SR:2005:022",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
            },
            {
              "name": "28339",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28339"
            },
            {
              "name": "GLSA-200711-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
            },
            {
              "name": "39577",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39577"
            },
            {
              "name": "25341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25341"
            },
            {
              "name": "FEDORA-2007-3011",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
            },
            {
              "name": "USN-560-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/560-1/"
            },
            {
              "name": "FEDORA-2007-3792",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
            },
            {
              "name": "tomboy-ldlibrarypath-privilege-escalation(36054)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
            },
            {
              "name": "GLSA-200801-14",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.  NOTE: in August 2007, the tomboy vector was reported for other distributions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=188806",
                  "refsource": "MISC",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=188806"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=199841",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=199841"
                },
                {
                  "name": "27621",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27621"
                },
                {
                  "name": "27608",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27608"
                },
                {
                  "name": "28672",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28672"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=485224",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=485224"
                },
                {
                  "name": "MDVSA-2008:064",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:064"
                },
                {
                  "name": "39578",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39578"
                },
                {
                  "name": "27799",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27799"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=362941",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=362941"
                },
                {
                  "name": "http://bugs.gentoo.org/show_bug.cgi?id=189249",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.gentoo.org/show_bug.cgi?id=189249"
                },
                {
                  "name": "26480",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26480"
                },
                {
                  "name": "SUSE-SR:2005:022",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
                },
                {
                  "name": "28339",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28339"
                },
                {
                  "name": "GLSA-200711-12",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200711-12.xml"
                },
                {
                  "name": "39577",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39577"
                },
                {
                  "name": "25341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25341"
                },
                {
                  "name": "FEDORA-2007-3011",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00206.html"
                },
                {
                  "name": "USN-560-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/560-1/"
                },
                {
                  "name": "FEDORA-2007-3792",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00913.html"
                },
                {
                  "name": "tomboy-ldlibrarypath-privilege-escalation(36054)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36054"
                },
                {
                  "name": "GLSA-200801-14",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200801-14.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4790",
        "datePublished": "2006-04-26T22:00:00.000Z",
        "dateReserved": "2006-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:22.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4791 (GCVE-0-2005-4791)

    Vulnerability from cvelistv5 – Published: 2006-04-26 22:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/39580 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/15040 vdb-entryx_refsource_BID
    http://secunia.com/advisories/27771 third-party-advisoryx_refsource_SECUNIA
    http://sourceforge.net/project/shownotes.php?rele… x_refsource_CONFIRM
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2007/3965 vdb-entryx_refsource_VUPEN
    Date Public
    2005-10-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:22.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "39580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/39580"
              },
              {
                "name": "15040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15040"
              },
              {
                "name": "27771",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27771"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
              },
              {
                "name": "SUSE-SR:2005:022",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
              },
              {
                "name": "ADV-2007-3965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3965"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-10-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-12-01T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "39580",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/39580"
            },
            {
              "name": "15040",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15040"
            },
            {
              "name": "27771",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27771"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
            },
            {
              "name": "SUSE-SR:2005:022",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
            },
            {
              "name": "ADV-2007-3965",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3965"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "39580",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/39580"
                },
                {
                  "name": "15040",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15040"
                },
                {
                  "name": "27771",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27771"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?release_id=555823\u0026group_id=87005"
                },
                {
                  "name": "SUSE-SR:2005:022",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
                },
                {
                  "name": "ADV-2007-3965",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3965"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4791",
        "datePublished": "2006-04-26T22:00:00.000Z",
        "dateReserved": "2006-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:22.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }