Search
Find a vulnerability
Search criteria
18 vulnerabilities found for unified_threat_management_software by sophos
CVE-2016-7442 (GCVE-0-2016-7442)
Vulnerability from nvd – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
VLAI
Summary
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036931 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93266 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/539518/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7442",
"datePublished": "2016-10-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7397 (GCVE-0-2016-7397)
Vulnerability from nvd – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
VLAI
Summary
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036931 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93266 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/539518/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7397",
"datePublished": "2016-10-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7547 (GCVE-0-2015-7547)
Vulnerability from nvd – Published: 2016-02-18 21:00 – Updated: 2024-08-06 07:51
VLAI
Summary
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
75 references
Date Public
2015-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035020",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035020"
},
{
"name": "HPSBGN03582",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"name": "SUSE-SU-2016:0471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"name": "RHSA-2016:0175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"name": "HPSBGN03551",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"name": "RHSA-2016:0225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
},
{
"name": "FEDORA-2016-0f9e9a34ce",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
},
{
"name": "DSA-3481",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"name": "USN-2900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "RHSA-2016:0277",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
},
{
"name": "openSUSE-SU-2016:0511",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"name": "SUSE-SU-2016:0470",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
},
{
"name": "HPSBGN03549",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"name": "83265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "GLSA-201602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
},
{
"name": "HPSBGN03547",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"name": "SUSE-SU-2016:0472",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"name": "40339",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"name": "SUSE-SU-2016:0473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"name": "RHSA-2016:0176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
},
{
"name": "FEDORA-2016-0480defc94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
},
{
"name": "openSUSE-SU-2016:0512",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
},
{
"name": "DSA-3480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
},
{
"name": "39454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX206991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"name": "VU#457759",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/articles/2161461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
},
{
"name": "HPSBGN03442",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T18:06:34.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1035020",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035020"
},
{
"name": "HPSBGN03582",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"name": "SUSE-SU-2016:0471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"name": "RHSA-2016:0175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"name": "HPSBGN03551",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"name": "RHSA-2016:0225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
},
{
"name": "FEDORA-2016-0f9e9a34ce",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
},
{
"name": "DSA-3481",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"name": "USN-2900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "RHSA-2016:0277",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
},
{
"name": "openSUSE-SU-2016:0511",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"name": "SUSE-SU-2016:0470",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
},
{
"name": "HPSBGN03549",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"name": "83265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "GLSA-201602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
},
{
"name": "HPSBGN03547",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"name": "SUSE-SU-2016:0472",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"name": "40339",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"name": "SUSE-SU-2016:0473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"name": "RHSA-2016:0176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
},
{
"name": "FEDORA-2016-0480defc94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
},
{
"name": "openSUSE-SU-2016:0512",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
},
{
"name": "DSA-3480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
},
{
"name": "39454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX206991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"name": "VU#457759",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/articles/2161461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
},
{
"name": "HPSBGN03442",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7547",
"datePublished": "2016-02-18T21:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2046 (GCVE-0-2016-2046)
Vulnerability from nvd – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:17
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035048 | vdb-entryx_refsource_SECTRACK |
| http://seclists.org/fulldisclosure/2016/Feb/60 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/135709/Sopho… | x_refsource_MISC |
| http://www.halock.com/blog/cve-2016-2046-cross-si… | x_refsource_MISC |
Date Public
2016-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1035048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"name": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"name": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/",
"refsource": "MISC",
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2046",
"datePublished": "2016-02-17T15:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0778 (GCVE-0-2016-0778)
Vulnerability from nvd – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:28
VLAI
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
31 references
Date Public
2016-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "80698",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-0778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:28:06.198426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:28:32.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "80698",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0778",
"datePublished": "2016-01-14T00:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:28:32.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-0777 (GCVE-0-2016-0777)
Vulnerability from nvd – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:30
VLAI
Summary
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
34 references
Date Public
2016-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"name": "80695",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FreeBSD-SA-16:07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "FEDORA-2016-67c6ef0d4f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-0777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:29:54.649786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:30:01.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"name": "80695",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FreeBSD-SA-16:07",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "FEDORA-2016-67c6ef0d4f",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0777",
"datePublished": "2016-01-14T00:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:30:01.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-2537 (GCVE-0-2014-2537)
Vulnerability from nvd – Published: 2014-03-18 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1029920 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/57344 | third-party-advisoryx_refsource_SECUNIA |
| http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/66231 | vdb-entryx_refsource_BID |
Date Public
2014-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66231"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-27T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1029920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66231"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57344"
},
{
"name": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/",
"refsource": "CONFIRM",
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66231"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2537",
"datePublished": "2014-03-18T14:00:00.000Z",
"dateReserved": "2014-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:26.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5932 (GCVE-0-2013-5932)
Vulnerability from nvd – Published: 2013-09-23 20:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54881 | third-party-advisoryx_refsource_SECUNIA |
| http://blogs.sophos.com/2013/08/21/utm-up2date-9-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1029039 | vdb-entryx_refsource_SECTRACK |
Date Public
2013-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54881"
},
{
"name": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/",
"refsource": "CONFIRM",
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5932",
"datePublished": "2013-09-23T20:00:00.000Z",
"dateReserved": "2013-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:41.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3238 (GCVE-0-2012-3238)
Vulnerability from nvd – Published: 2012-07-09 22:00 – Updated: 2024-09-17 02:12
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://security.inshell.net/advisory/27 | x_refsource_MISC |
| http://www.astaro.com/en-uk/blog/up2date/8305 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.inshell.net/advisory/27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-09T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.inshell.net/advisory/27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"name": "http://security.inshell.net/advisory/27",
"refsource": "MISC",
"url": "http://security.inshell.net/advisory/27"
},
{
"name": "http://www.astaro.com/en-uk/blog/up2date/8305",
"refsource": "CONFIRM",
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3238",
"datePublished": "2012-07-09T22:00:00.000Z",
"dateReserved": "2012-06-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:12:02.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7442 (GCVE-0-2016-7442)
Vulnerability from cvelistv5 – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
VLAI
Summary
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036931 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93266 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/539518/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7442",
"datePublished": "2016-10-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7397 (GCVE-0-2016-7397)
Vulnerability from cvelistv5 – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
VLAI
Summary
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036931 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93266 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/539518/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036931"
},
{
"name": "93266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93266"
},
{
"name": "20160930 Multiple exposures in Sophos UTM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7397",
"datePublished": "2016-10-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7547 (GCVE-0-2015-7547)
Vulnerability from cvelistv5 – Published: 2016-02-18 21:00 – Updated: 2024-08-06 07:51
VLAI
Summary
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
75 references
Date Public
2015-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035020",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035020"
},
{
"name": "HPSBGN03582",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"name": "SUSE-SU-2016:0471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"name": "RHSA-2016:0175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"name": "HPSBGN03551",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"name": "RHSA-2016:0225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
},
{
"name": "FEDORA-2016-0f9e9a34ce",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
},
{
"name": "DSA-3481",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"name": "USN-2900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "RHSA-2016:0277",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
},
{
"name": "openSUSE-SU-2016:0511",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"name": "SUSE-SU-2016:0470",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
},
{
"name": "HPSBGN03549",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"name": "83265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "GLSA-201602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
},
{
"name": "HPSBGN03547",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"name": "SUSE-SU-2016:0472",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"name": "40339",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"name": "SUSE-SU-2016:0473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"name": "RHSA-2016:0176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
},
{
"name": "FEDORA-2016-0480defc94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
},
{
"name": "openSUSE-SU-2016:0512",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
},
{
"name": "DSA-3480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
},
{
"name": "39454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX206991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"name": "VU#457759",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/articles/2161461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
},
{
"name": "HPSBGN03442",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T18:06:34.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1035020",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035020"
},
{
"name": "HPSBGN03582",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"name": "SUSE-SU-2016:0471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"name": "RHSA-2016:0175",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"name": "HPSBGN03551",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"name": "RHSA-2016:0225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
},
{
"name": "FEDORA-2016-0f9e9a34ce",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
},
{
"name": "DSA-3481",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "openSUSE-SU-2016:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"name": "USN-2900-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
},
{
"name": "RHSA-2016:0277",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
},
{
"name": "openSUSE-SU-2016:0511",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"name": "SUSE-SU-2016:0470",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
},
{
"name": "HPSBGN03549",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"name": "83265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "GLSA-201602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
},
{
"name": "HPSBGN03547",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"name": "SUSE-SU-2016:0472",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"name": "40339",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"name": "SUSE-SU-2016:0473",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"name": "RHSA-2016:0176",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
},
{
"name": "FEDORA-2016-0480defc94",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
},
{
"name": "openSUSE-SU-2016:0512",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
},
{
"name": "DSA-3480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
},
{
"name": "39454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX206991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"name": "VU#457759",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/articles/2161461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
},
{
"name": "HPSBGN03442",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7547",
"datePublished": "2016-02-18T21:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2046 (GCVE-0-2016-2046)
Vulnerability from cvelistv5 – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:17
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035048 | vdb-entryx_refsource_SECTRACK |
| http://seclists.org/fulldisclosure/2016/Feb/60 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/135709/Sopho… | x_refsource_MISC |
| http://www.halock.com/blog/cve-2016-2046-cross-si… | x_refsource_MISC |
Date Public
2016-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1035048",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"name": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"name": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/",
"refsource": "MISC",
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2046",
"datePublished": "2016-02-17T15:00:00.000Z",
"dateReserved": "2016-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0777 (GCVE-0-2016-0777)
Vulnerability from cvelistv5 – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:30
VLAI
Summary
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
34 references
Date Public
2016-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"name": "80695",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FreeBSD-SA-16:07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "FEDORA-2016-67c6ef0d4f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-0777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:29:54.649786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:30:01.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"name": "80695",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/80695"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "FreeBSD-SA-16:07",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
},
{
"name": "FEDORA-2016-c330264861",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "FEDORA-2016-67c6ef0d4f",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0777",
"datePublished": "2016-01-14T00:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:30:01.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-0778 (GCVE-0-2016-0778)
Vulnerability from cvelistv5 – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:28
VLAI
Summary
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
31 references
Date Public
2016-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:04.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "80698",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-0778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:28:06.198426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:28:32.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
},
{
"name": "SUSE-SU-2016:0117",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
},
{
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
},
{
"name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
},
{
"url": "https://support.apple.com/HT206167"
},
{
"name": "FEDORA-2016-4556904561",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"url": "http://www.openssh.com/txt/release-7.1p2"
},
{
"name": "openSUSE-SU-2016:0128",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
},
{
"name": "80698",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/80698"
},
{
"name": "FEDORA-2016-2e89eba0c1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa109"
},
{
"name": "1034671",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034671"
},
{
"name": "openSUSE-SU-2016:0127",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
},
{
"name": "GLSA-201601-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201601-01"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
},
{
"name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Jan/44"
},
{
"name": "SUSE-SU-2016:0119",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
},
{
"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
},
{
"name": "SUSE-SU-2016:0118",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
},
{
"name": "SUSE-SU-2016:0120",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
},
{
"name": "USN-2869-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2869-1"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "DSA-3446",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3446"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-0778",
"datePublished": "2016-01-14T00:00:00.000Z",
"dateReserved": "2015-12-16T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:28:32.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-2537 (GCVE-0-2014-2537)
Vulnerability from cvelistv5 – Published: 2014-03-18 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1029920 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/57344 | third-party-advisoryx_refsource_SECUNIA |
| http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/66231 | vdb-entryx_refsource_BID |
Date Public
2014-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66231"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-27T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1029920",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66231"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029920"
},
{
"name": "57344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57344"
},
{
"name": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/",
"refsource": "CONFIRM",
"url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
},
{
"name": "66231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66231"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2537",
"datePublished": "2014-03-18T14:00:00.000Z",
"dateReserved": "2014-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:26.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5932 (GCVE-0-2013-5932)
Vulnerability from cvelistv5 – Published: 2013-09-23 20:00 – Updated: 2024-08-06 17:29
VLAI
Summary
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/54881 | third-party-advisoryx_refsource_SECUNIA |
| http://blogs.sophos.com/2013/08/21/utm-up2date-9-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1029039 | vdb-entryx_refsource_SECTRACK |
Date Public
2013-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:41.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54881"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "54881",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54881"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54881"
},
{
"name": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/",
"refsource": "CONFIRM",
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5932",
"datePublished": "2013-09-23T20:00:00.000Z",
"dateReserved": "2013-09-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:29:41.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3238 (GCVE-0-2012-3238)
Vulnerability from cvelistv5 – Published: 2012-07-09 22:00 – Updated: 2024-09-17 02:12
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://security.inshell.net/advisory/27 | x_refsource_MISC |
| http://www.astaro.com/en-uk/blog/up2date/8305 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.inshell.net/advisory/27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-09T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.inshell.net/advisory/27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
},
{
"name": "http://security.inshell.net/advisory/27",
"refsource": "MISC",
"url": "http://security.inshell.net/advisory/27"
},
{
"name": "http://www.astaro.com/en-uk/blog/up2date/8305",
"refsource": "CONFIRM",
"url": "http://www.astaro.com/en-uk/blog/up2date/8305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3238",
"datePublished": "2012-07-09T22:00:00.000Z",
"dateReserved": "2012-06-06T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:12:02.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}