Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for suse_linux_enterprise_point_of_sale by novell

    CVE-2017-1000366 (GCVE-0-2017-1000366)

    Vulnerability from nvd – Published: 2017-06-19 16:00 – Updated: 2024-08-05 22:00
    VLAI
    Summary
    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.qualys.com/2017/06/19/stack-clash/sta… x_refsource_MISC
    http://www.securitytracker.com/id/1038712 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/42275/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2017:1712 vendor-advisoryx_refsource_REDHAT
    https://www.suse.com/security/cve/CVE-2017-1000366/ x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1479 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1480 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/99127 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/42276/ exploitx_refsource_EXPLOIT-DB
    https://www.suse.com/support/kb/doc/?id=7020973 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1567 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/42274/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/security/cve/CVE-2017-1000366 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1481 vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2017/dsa-3887 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201706-19 vendor-advisoryx_refsource_GENTOO
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Sep/7 mailing-listx_refsource_FULLDISC
    https://seclists.org/bugtraq/2019/Sep/7 mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/154361/Cisco… x_refsource_MISC
    Date Public
    2017-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:00:39.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
              },
              {
                "name": "1038712",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038712"
              },
              {
                "name": "42275",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42275/"
              },
              {
                "name": "RHSA-2017:1712",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1712"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
              },
              {
                "name": "RHSA-2017:1479",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1479"
              },
              {
                "name": "RHSA-2017:1480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1480"
              },
              {
                "name": "99127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99127"
              },
              {
                "name": "42276",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42276/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.suse.com/support/kb/doc/?id=7020973"
              },
              {
                "name": "RHSA-2017:1567",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1567"
              },
              {
                "name": "42274",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42274/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
              },
              {
                "name": "RHSA-2017:1481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1481"
              },
              {
                "name": "DSA-3887",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3887"
              },
              {
                "name": "GLSA-201706-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201706-19"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-05T01:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
            },
            {
              "name": "1038712",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038712"
            },
            {
              "name": "42275",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42275/"
            },
            {
              "name": "RHSA-2017:1712",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1712"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
            },
            {
              "name": "RHSA-2017:1479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1479"
            },
            {
              "name": "RHSA-2017:1480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1480"
            },
            {
              "name": "99127",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99127"
            },
            {
              "name": "42276",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42276/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.suse.com/support/kb/doc/?id=7020973"
            },
            {
              "name": "RHSA-2017:1567",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1567"
            },
            {
              "name": "42274",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42274/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
            },
            {
              "name": "RHSA-2017:1481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1481"
            },
            {
              "name": "DSA-3887",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3887"
            },
            {
              "name": "GLSA-201706-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201706-19"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-1000366",
              "REQUESTER": "qsa@qualys.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
                  "refsource": "MISC",
                  "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
                },
                {
                  "name": "1038712",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038712"
                },
                {
                  "name": "42275",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42275/"
                },
                {
                  "name": "RHSA-2017:1712",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1712"
                },
                {
                  "name": "https://www.suse.com/security/cve/CVE-2017-1000366/",
                  "refsource": "CONFIRM",
                  "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
                },
                {
                  "name": "RHSA-2017:1479",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1479"
                },
                {
                  "name": "RHSA-2017:1480",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1480"
                },
                {
                  "name": "99127",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99127"
                },
                {
                  "name": "42276",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42276/"
                },
                {
                  "name": "https://www.suse.com/support/kb/doc/?id=7020973",
                  "refsource": "CONFIRM",
                  "url": "https://www.suse.com/support/kb/doc/?id=7020973"
                },
                {
                  "name": "RHSA-2017:1567",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1567"
                },
                {
                  "name": "42274",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42274/"
                },
                {
                  "name": "https://access.redhat.com/security/cve/CVE-2017-1000366",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
                },
                {
                  "name": "RHSA-2017:1481",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1481"
                },
                {
                  "name": "DSA-3887",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3887"
                },
                {
                  "name": "GLSA-201706-19",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201706-19"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205"
                },
                {
                  "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
                },
                {
                  "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/7"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000366",
        "datePublished": "2017-06-19T16:00:00.000Z",
        "dateReserved": "2017-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:00:39.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7995 (GCVE-0-2017-7995)

    Vulnerability from nvd – Published: 2017-05-03 19:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98314",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98314"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "98314",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98314"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98314",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98314"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033948",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7995",
        "datePublished": "2017-05-03T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1000366 (GCVE-0-2017-1000366)

    Vulnerability from cvelistv5 – Published: 2017-06-19 16:00 – Updated: 2024-08-05 22:00
    VLAI
    Summary
    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.qualys.com/2017/06/19/stack-clash/sta… x_refsource_MISC
    http://www.securitytracker.com/id/1038712 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/42275/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/errata/RHSA-2017:1712 vendor-advisoryx_refsource_REDHAT
    https://www.suse.com/security/cve/CVE-2017-1000366/ x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1479 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:1480 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/99127 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/42276/ exploitx_refsource_EXPLOIT-DB
    https://www.suse.com/support/kb/doc/?id=7020973 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1567 vendor-advisoryx_refsource_REDHAT
    https://www.exploit-db.com/exploits/42274/ exploitx_refsource_EXPLOIT-DB
    https://access.redhat.com/security/cve/CVE-2017-1000366 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2017:1481 vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2017/dsa-3887 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/201706-19 vendor-advisoryx_refsource_GENTOO
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Sep/7 mailing-listx_refsource_FULLDISC
    https://seclists.org/bugtraq/2019/Sep/7 mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/154361/Cisco… x_refsource_MISC
    Date Public
    2017-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:00:39.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
              },
              {
                "name": "1038712",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038712"
              },
              {
                "name": "42275",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42275/"
              },
              {
                "name": "RHSA-2017:1712",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1712"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
              },
              {
                "name": "RHSA-2017:1479",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1479"
              },
              {
                "name": "RHSA-2017:1480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1480"
              },
              {
                "name": "99127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99127"
              },
              {
                "name": "42276",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42276/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.suse.com/support/kb/doc/?id=7020973"
              },
              {
                "name": "RHSA-2017:1567",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1567"
              },
              {
                "name": "42274",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42274/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
              },
              {
                "name": "RHSA-2017:1481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1481"
              },
              {
                "name": "DSA-3887",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3887"
              },
              {
                "name": "GLSA-201706-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201706-19"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-05T01:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
            },
            {
              "name": "1038712",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038712"
            },
            {
              "name": "42275",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42275/"
            },
            {
              "name": "RHSA-2017:1712",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1712"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
            },
            {
              "name": "RHSA-2017:1479",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1479"
            },
            {
              "name": "RHSA-2017:1480",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1480"
            },
            {
              "name": "99127",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99127"
            },
            {
              "name": "42276",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42276/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.suse.com/support/kb/doc/?id=7020973"
            },
            {
              "name": "RHSA-2017:1567",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1567"
            },
            {
              "name": "42274",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42274/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
            },
            {
              "name": "RHSA-2017:1481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1481"
            },
            {
              "name": "DSA-3887",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3887"
            },
            {
              "name": "GLSA-201706-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201706-19"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-1000366",
              "REQUESTER": "qsa@qualys.com",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
                  "refsource": "MISC",
                  "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
                },
                {
                  "name": "1038712",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038712"
                },
                {
                  "name": "42275",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42275/"
                },
                {
                  "name": "RHSA-2017:1712",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1712"
                },
                {
                  "name": "https://www.suse.com/security/cve/CVE-2017-1000366/",
                  "refsource": "CONFIRM",
                  "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
                },
                {
                  "name": "RHSA-2017:1479",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1479"
                },
                {
                  "name": "RHSA-2017:1480",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1480"
                },
                {
                  "name": "99127",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99127"
                },
                {
                  "name": "42276",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42276/"
                },
                {
                  "name": "https://www.suse.com/support/kb/doc/?id=7020973",
                  "refsource": "CONFIRM",
                  "url": "https://www.suse.com/support/kb/doc/?id=7020973"
                },
                {
                  "name": "RHSA-2017:1567",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1567"
                },
                {
                  "name": "42274",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42274/"
                },
                {
                  "name": "https://access.redhat.com/security/cve/CVE-2017-1000366",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
                },
                {
                  "name": "RHSA-2017:1481",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1481"
                },
                {
                  "name": "DSA-3887",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3887"
                },
                {
                  "name": "GLSA-201706-19",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201706-19"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10205"
                },
                {
                  "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
                },
                {
                  "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/7"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-1000366",
        "datePublished": "2017-06-19T16:00:00.000Z",
        "dateReserved": "2017-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:00:39.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7995 (GCVE-0-2017-7995)

    Vulnerability from cvelistv5 – Published: 2017-05-03 19:00 – Updated: 2024-08-05 16:19
    VLAI
    Summary
    Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98314",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98314"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "98314",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98314"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-7995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98314",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98314"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033948",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
                },
                {
                  "name": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-7995",
        "datePublished": "2017-05-03T19:00:00.000Z",
        "dateReserved": "2017-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:19:29.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }