Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for unified_threat_management_software by sophos

    CVE-2016-7442 (GCVE-0-2016-7442)

    Vulnerability from nvd – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036931 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93266 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/539518/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2016-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036931"
              },
              {
                "name": "93266",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93266"
              },
              {
                "name": "20160930 Multiple exposures in Sophos UTM",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1036931",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036931"
            },
            {
              "name": "93266",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93266"
            },
            {
              "name": "20160930 Multiple exposures in Sophos UTM",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-7442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036931",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036931"
                },
                {
                  "name": "93266",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93266"
                },
                {
                  "name": "20160930 Multiple exposures in Sophos UTM",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-7442",
        "datePublished": "2016-10-03T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7397 (GCVE-0-2016-7397)

    Vulnerability from nvd – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036931 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93266 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/539518/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2016-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036931"
              },
              {
                "name": "93266",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93266"
              },
              {
                "name": "20160930 Multiple exposures in Sophos UTM",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1036931",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036931"
            },
            {
              "name": "93266",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93266"
            },
            {
              "name": "20160930 Multiple exposures in Sophos UTM",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-7397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036931",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036931"
                },
                {
                  "name": "93266",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93266"
                },
                {
                  "name": "20160930 Multiple exposures in Sophos UTM",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-7397",
        "datePublished": "2016-10-03T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7547 (GCVE-0-2015-7547)

    Vulnerability from nvd – Published: 2016-02-18 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1035020 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=146161017210491&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0175.html vendor-advisoryx_refsource_REDHAT
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://blogs.sophos.com/2016/02/29/utm-up2date-9… x_refsource_CONFIRM
    https://sourceware.org/bugzilla/show_bug.cgi?id=18665 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145857691004892&w=2 vendor-advisoryx_refsource_HP
    http://rhn.redhat.com/errata/RHSA-2016-0225.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3481 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://ubuntu.com/usn/usn-2900-1 vendor-advisoryx_refsource_UBUNTU
    http://www.fortiguard.com/advisory/glibc-getaddri… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0277.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://googleonlinesecurity.blogspot.com/2016/02… x_refsource_MISC
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2016021… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://blogs.sophos.com/2016/02/24/utm-up2date-9… x_refsource_CONFIRM
    https://support.lenovo.com/us/en/product_security… x_refsource_CONFIRM
    https://www.tenable.com/security/research/tra-2017-08 x_refsource_MISC
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145672440608228&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/83265 vdb-entryx_refsource_BID
    http://fortiguard.com/advisory/glibc-getaddrinfo-… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201602-02 vendor-advisoryx_refsource_GENTOO
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145596041017029&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/40339/ exploitx_refsource_EXPLOIT-DB
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://bto.bluecoat.com/security-advisory/sa114 x_refsource_CONFIRM
    https://sourceware.org/ml/libc-alpha/2016-02/msg0… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    http://packetstormsecurity.com/files/135802/glibc… x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=1293532 x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0176.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3480 vendor-advisoryx_refsource_DEBIAN
    https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01 x_refsource_MISC
    https://www.exploit-db.com/exploits/39454/ exploitx_refsource_EXPLOIT-DB
    http://support.citrix.com/article/CTX206991 x_refsource_CONFIRM
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://www.kb.cert.org/vuls/id/457759 third-party-advisoryx_refsource_CERT-VN
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://access.redhat.com/articles/2161461 x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145690841819314&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Sep/7 mailing-listx_refsource_FULLDISC
    https://seclists.org/bugtraq/2019/Sep/7 mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/154361/Cisco… x_refsource_MISC
    http://seclists.org/fulldisclosure/2021/Sep/0 mailing-listx_refsource_FULLDISC
    http://packetstormsecurity.com/files/164014/Moxa-… x_refsource_MISC
    https://www.arista.com/en/support/advisories-noti… x_refsource_MISC
    http://seclists.org/fulldisclosure/2022/Jun/36 mailing-listx_refsource_FULLDISC
    http://packetstormsecurity.com/files/167552/Nexan… x_refsource_MISC
    Date Public
    2015-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1035020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035020"
              },
              {
                "name": "HPSBGN03582",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
              },
              {
                "name": "SUSE-SU-2016:0471",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
              },
              {
                "name": "RHSA-2016:0175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
              },
              {
                "name": "HPSBGN03551",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
              },
              {
                "name": "RHSA-2016:0225",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
              },
              {
                "name": "FEDORA-2016-0f9e9a34ce",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
              },
              {
                "name": "DSA-3481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3481"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "openSUSE-SU-2016:0510",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
              },
              {
                "name": "USN-2900-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-2900-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
              },
              {
                "name": "RHSA-2016:0277",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
              },
              {
                "name": "openSUSE-SU-2016:0511",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
              },
              {
                "name": "SUSE-SU-2016:0470",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len_5450"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2017-08"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
              },
              {
                "name": "HPSBGN03549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
              },
              {
                "name": "83265",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/83265"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
              },
              {
                "name": "GLSA-201602-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201602-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
              },
              {
                "name": "HPSBGN03547",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
              },
              {
                "name": "SUSE-SU-2016:0472",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
              },
              {
                "name": "40339",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40339/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa114"
              },
              {
                "name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
              },
              {
                "name": "SUSE-SU-2016:0473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
              },
              {
                "name": "RHSA-2016:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
              },
              {
                "name": "FEDORA-2016-0480defc94",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
              },
              {
                "name": "openSUSE-SU-2016:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
              },
              {
                "name": "DSA-3480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3480"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
              },
              {
                "name": "39454",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39454/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX206991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
              },
              {
                "name": "VU#457759",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/457759"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/articles/2161461"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
              },
              {
                "name": "HPSBGN03442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
              },
              {
                "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
              },
              {
                "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/36"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-20T18:06:34.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "1035020",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035020"
            },
            {
              "name": "HPSBGN03582",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
            },
            {
              "name": "SUSE-SU-2016:0471",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
            },
            {
              "name": "RHSA-2016:0175",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
            },
            {
              "name": "HPSBGN03551",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
            },
            {
              "name": "RHSA-2016:0225",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
            },
            {
              "name": "FEDORA-2016-0f9e9a34ce",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
            },
            {
              "name": "DSA-3481",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3481"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "openSUSE-SU-2016:0510",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
            },
            {
              "name": "USN-2900-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-2900-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
            },
            {
              "name": "RHSA-2016:0277",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
            },
            {
              "name": "openSUSE-SU-2016:0511",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
            },
            {
              "name": "SUSE-SU-2016:0470",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len_5450"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/research/tra-2017-08"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
            },
            {
              "name": "HPSBGN03549",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
            },
            {
              "name": "83265",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/83265"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "GLSA-201602-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201602-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
            },
            {
              "name": "HPSBGN03547",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
            },
            {
              "name": "SUSE-SU-2016:0472",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
            },
            {
              "name": "40339",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40339/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa114"
            },
            {
              "name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
            },
            {
              "name": "SUSE-SU-2016:0473",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
            },
            {
              "name": "RHSA-2016:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
            },
            {
              "name": "FEDORA-2016-0480defc94",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
            },
            {
              "name": "openSUSE-SU-2016:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
            },
            {
              "name": "DSA-3480",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3480"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
            },
            {
              "name": "39454",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39454/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX206991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
            },
            {
              "name": "VU#457759",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/457759"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/articles/2161461"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
            },
            {
              "name": "HPSBGN03442",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
            },
            {
              "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
            },
            {
              "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/36"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7547",
        "datePublished": "2016-02-18T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2046 (GCVE-0-2016-2046)

    Vulnerability from nvd – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:17:50.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1035048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035048"
              },
              {
                "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Feb/60"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-02T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1035048",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035048"
            },
            {
              "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/60"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-2046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1035048",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035048"
                },
                {
                  "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Feb/60"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/",
                  "refsource": "MISC",
                  "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-2046",
        "datePublished": "2016-02-17T15:00:00.000Z",
        "dateReserved": "2016-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:17:50.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0778 (GCVE-0-2016-0778)

    Vulnerability from nvd – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:28
    VLAI
    Summary
    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    URL Tags
    https://blogs.sophos.com/2016/02/17/utm-up2date-9…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://blogs.sophos.com/2016/02/29/utm-up2date-9…
    http://lists.apple.com/archives/security-announce… vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.securityfocus.com/archive/1/537295/100… mailing-list
    https://support.apple.com/HT206167
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://kb.juniper.net/InfoCenter/index?page=conte…
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.oracle.com/technetwork/topics/security…
    http://www.openssh.com/txt/release-7.1p2
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.securityfocus.com/bid/80698 vdb-entry
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    https://bto.bluecoat.com/security-advisory/sa109
    http://www.securitytracker.com/id/1034671 vdb-entry
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://security.gentoo.org/glsa/201601-01 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.openwall.com/lists/oss-security/2016/01/14/7 mailing-list
    http://seclists.org/fulldisclosure/2016/Jan/44 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://packetstormsecurity.com/files/135273/Qualy…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-2869-1 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.oracle.com/technetwork/topics/security…
    http://www.debian.org/security/2016/dsa-3446 vendor-advisory
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:30:04.062Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
              },
              {
                "name": "SUSE-SU-2016:0117",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
              },
              {
                "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "name": "FEDORA-2016-4556904561",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openssh.com/txt/release-7.1p2"
              },
              {
                "name": "openSUSE-SU-2016:0128",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
              },
              {
                "name": "80698",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/80698"
              },
              {
                "name": "FEDORA-2016-2e89eba0c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa109"
              },
              {
                "name": "1034671",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034671"
              },
              {
                "name": "openSUSE-SU-2016:0127",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
              },
              {
                "name": "GLSA-201601-01",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201601-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
              },
              {
                "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
              },
              {
                "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
              },
              {
                "name": "SUSE-SU-2016:0119",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
              },
              {
                "name": "SUSE-SU-2016:0118",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
              },
              {
                "name": "SUSE-SU-2016:0120",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
              },
              {
                "name": "USN-2869-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2869-1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "DSA-3446",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3446"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-0778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:28:06.198426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:28:32.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
            },
            {
              "name": "SUSE-SU-2016:0117",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
            },
            {
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
            },
            {
              "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
            },
            {
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "FEDORA-2016-4556904561",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "url": "http://www.openssh.com/txt/release-7.1p2"
            },
            {
              "name": "openSUSE-SU-2016:0128",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
            },
            {
              "name": "80698",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/80698"
            },
            {
              "name": "FEDORA-2016-2e89eba0c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa109"
            },
            {
              "name": "1034671",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034671"
            },
            {
              "name": "openSUSE-SU-2016:0127",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
            },
            {
              "name": "GLSA-201601-01",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201601-01"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
            },
            {
              "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
            },
            {
              "name": "SUSE-SU-2016:0119",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
            },
            {
              "name": "SUSE-SU-2016:0118",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
            },
            {
              "name": "SUSE-SU-2016:0120",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
            },
            {
              "name": "USN-2869-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2869-1"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "DSA-3446",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3446"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-0778",
        "datePublished": "2016-01-14T00:00:00.000Z",
        "dateReserved": "2015-12-16T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:28:32.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2016-0777 (GCVE-0-2016-0777)

    Vulnerability from nvd – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:30
    VLAI
    Summary
    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://blogs.sophos.com/2016/02/17/utm-up2date-9…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://blogs.sophos.com/2016/02/29/utm-up2date-9…
    http://lists.apple.com/archives/security-announce… vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.securityfocus.com/archive/1/537295/100… mailing-list
    https://support.apple.com/HT206167
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://kb.juniper.net/InfoCenter/index?page=conte…
    http://www.securityfocus.com/bid/80695 vdb-entry
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://www.oracle.com/technetwork/topics/security…
    http://www.openssh.com/txt/release-7.1p2
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    https://bto.bluecoat.com/security-advisory/sa109
    http://www.securitytracker.com/id/1034671 vdb-entry
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://security.gentoo.org/glsa/201601-01 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.openwall.com/lists/oss-security/2016/01/14/7 mailing-list
    http://seclists.org/fulldisclosure/2016/Jan/44 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://packetstormsecurity.com/files/135273/Qualy…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-2869-1 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.oracle.com/technetwork/topics/security…
    http://www.debian.org/security/2016/dsa-3446 vendor-advisory
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:30:04.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
              },
              {
                "name": "SUSE-SU-2016:0117",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
              },
              {
                "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "name": "FEDORA-2016-4556904561",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
              },
              {
                "name": "80695",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/80695"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
              },
              {
                "name": "FreeBSD-SA-16:07",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
              },
              {
                "name": "FEDORA-2016-c330264861",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openssh.com/txt/release-7.1p2"
              },
              {
                "name": "openSUSE-SU-2016:0128",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
              },
              {
                "name": "FEDORA-2016-2e89eba0c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa109"
              },
              {
                "name": "1034671",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034671"
              },
              {
                "name": "openSUSE-SU-2016:0127",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
              },
              {
                "name": "GLSA-201601-01",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201601-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
              },
              {
                "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
              },
              {
                "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
              },
              {
                "name": "SUSE-SU-2016:0119",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
              },
              {
                "name": "SUSE-SU-2016:0118",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
              },
              {
                "name": "FEDORA-2016-67c6ef0d4f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
              },
              {
                "name": "SUSE-SU-2016:0120",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
              },
              {
                "name": "USN-2869-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2869-1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "DSA-3446",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3446"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-0777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:29:54.649786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:30:01.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
            },
            {
              "name": "SUSE-SU-2016:0117",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
            },
            {
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
            },
            {
              "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
            },
            {
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "FEDORA-2016-4556904561",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
            },
            {
              "name": "80695",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/80695"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
            },
            {
              "name": "FreeBSD-SA-16:07",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
            },
            {
              "name": "FEDORA-2016-c330264861",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "url": "http://www.openssh.com/txt/release-7.1p2"
            },
            {
              "name": "openSUSE-SU-2016:0128",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
            },
            {
              "name": "FEDORA-2016-2e89eba0c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa109"
            },
            {
              "name": "1034671",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034671"
            },
            {
              "name": "openSUSE-SU-2016:0127",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
            },
            {
              "name": "GLSA-201601-01",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201601-01"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
            },
            {
              "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
            },
            {
              "name": "SUSE-SU-2016:0119",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
            },
            {
              "name": "SUSE-SU-2016:0118",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
            },
            {
              "name": "FEDORA-2016-67c6ef0d4f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
            },
            {
              "name": "SUSE-SU-2016:0120",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
            },
            {
              "name": "USN-2869-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2869-1"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "DSA-3446",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3446"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-0777",
        "datePublished": "2016-01-14T00:00:00.000Z",
        "dateReserved": "2015-12-16T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:30:01.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-2537 (GCVE-0-2014-2537)

    Vulnerability from nvd – Published: 2014-03-18 14:00 – Updated: 2024-08-06 10:14
    VLAI
    Summary
    Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1029920 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/57344 third-party-advisoryx_refsource_SECUNIA
    http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/ x_refsource_CONFIRM
    http://www.securityfocus.com/bid/66231 vdb-entryx_refsource_BID
    Date Public
    2014-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:14:26.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1029920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1029920"
              },
              {
                "name": "57344",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
              },
              {
                "name": "66231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66231"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-27T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1029920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1029920"
            },
            {
              "name": "57344",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
            },
            {
              "name": "66231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66231"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1029920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1029920"
                },
                {
                  "name": "57344",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57344"
                },
                {
                  "name": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
                },
                {
                  "name": "66231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66231"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2537",
        "datePublished": "2014-03-18T14:00:00.000Z",
        "dateReserved": "2014-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:14:26.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5932 (GCVE-0-2013-5932)

    Vulnerability from nvd – Published: 2013-09-23 20:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/54881 third-party-advisoryx_refsource_SECUNIA
    http://blogs.sophos.com/2013/08/21/utm-up2date-9-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1029039 vdb-entryx_refsource_SECTRACK
    Date Public
    2013-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:41.699Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "54881",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54881"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
              },
              {
                "name": "1029039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1029039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-10-04T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "54881",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54881"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
            },
            {
              "name": "1029039",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1029039"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "54881",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54881"
                },
                {
                  "name": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
                },
                {
                  "name": "1029039",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1029039"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5932",
        "datePublished": "2013-09-23T20:00:00.000Z",
        "dateReserved": "2013-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:41.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3238 (GCVE-0-2012-3238)

    Vulnerability from nvd – Published: 2012-07-09 22:00 – Updated: 2024-09-17 02:12
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:57:50.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.inshell.net/advisory/27"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.astaro.com/en-uk/blog/up2date/8305"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-09T22:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.inshell.net/advisory/27"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.astaro.com/en-uk/blog/up2date/8305"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-3238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
                },
                {
                  "name": "http://security.inshell.net/advisory/27",
                  "refsource": "MISC",
                  "url": "http://security.inshell.net/advisory/27"
                },
                {
                  "name": "http://www.astaro.com/en-uk/blog/up2date/8305",
                  "refsource": "CONFIRM",
                  "url": "http://www.astaro.com/en-uk/blog/up2date/8305"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-3238",
        "datePublished": "2012-07-09T22:00:00.000Z",
        "dateReserved": "2012-06-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:12:02.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7442 (GCVE-0-2016-7442)

    Vulnerability from cvelistv5 – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036931 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93266 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/539518/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2016-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036931"
              },
              {
                "name": "93266",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93266"
              },
              {
                "name": "20160930 Multiple exposures in Sophos UTM",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1036931",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036931"
            },
            {
              "name": "93266",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93266"
            },
            {
              "name": "20160930 Multiple exposures in Sophos UTM",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-7442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the proxy user settings in \"system settings / scan settings / anti spam\" configuration tab."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036931",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036931"
                },
                {
                  "name": "93266",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93266"
                },
                {
                  "name": "20160930 Multiple exposures in Sophos UTM",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-7442",
        "datePublished": "2016-10-03T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7397 (GCVE-0-2016-7397)

    Vulnerability from cvelistv5 – Published: 2016-10-03 16:00 – Updated: 2024-08-06 01:57
    VLAI
    Summary
    The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in the notifications configuration tab.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036931 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/93266 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/539518/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2016-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:57:47.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036931",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036931"
              },
              {
                "name": "93266",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93266"
              },
              {
                "name": "20160930 Multiple exposures in Sophos UTM",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1036931",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036931"
            },
            {
              "name": "93266",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93266"
            },
            {
              "name": "20160930 Multiple exposures in Sophos UTM",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-7397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the \"value\" field of the SMTP user settings in the notifications configuration tab."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036931",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036931"
                },
                {
                  "name": "93266",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93266"
                },
                {
                  "name": "20160930 Multiple exposures in Sophos UTM",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/539518/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-7397",
        "datePublished": "2016-10-03T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:57:47.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7547 (GCVE-0-2015-7547)

    Vulnerability from cvelistv5 – Published: 2016-02-18 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1035020 vdb-entryx_refsource_SECTRACK
    http://marc.info/?l=bugtraq&m=146161017210491&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0175.html vendor-advisoryx_refsource_REDHAT
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://blogs.sophos.com/2016/02/29/utm-up2date-9… x_refsource_CONFIRM
    https://sourceware.org/bugzilla/show_bug.cgi?id=18665 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145857691004892&w=2 vendor-advisoryx_refsource_HP
    http://rhn.redhat.com/errata/RHSA-2016-0225.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3481 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://ubuntu.com/usn/usn-2900-1 vendor-advisoryx_refsource_UBUNTU
    http://www.fortiguard.com/advisory/glibc-getaddri… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0277.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://googleonlinesecurity.blogspot.com/2016/02… x_refsource_MISC
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2016021… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://blogs.sophos.com/2016/02/24/utm-up2date-9… x_refsource_CONFIRM
    https://support.lenovo.com/us/en/product_security… x_refsource_CONFIRM
    https://www.tenable.com/security/research/tra-2017-08 x_refsource_MISC
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145672440608228&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/83265 vdb-entryx_refsource_BID
    http://fortiguard.com/advisory/glibc-getaddrinfo-… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201602-02 vendor-advisoryx_refsource_GENTOO
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145596041017029&w=2 vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.exploit-db.com/exploits/40339/ exploitx_refsource_EXPLOIT-DB
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://bto.bluecoat.com/security-advisory/sa114 x_refsource_CONFIRM
    https://sourceware.org/ml/libc-alpha/2016-02/msg0… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://help.ecostruxureit.com/display/public/UAD… x_refsource_CONFIRM
    http://packetstormsecurity.com/files/135802/glibc… x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=1293532 x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/hpsc/doc/public/displ… x_refsource_CONFIRM
    https://support.f5.com/kb/en-us/solutions/public/… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-0176.html vendor-advisoryx_refsource_REDHAT
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3480 vendor-advisoryx_refsource_DEBIAN
    https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01 x_refsource_MISC
    https://www.exploit-db.com/exploits/39454/ exploitx_refsource_EXPLOIT-DB
    http://support.citrix.com/article/CTX206991 x_refsource_CONFIRM
    http://www.huawei.com/en/psirt/security-advisorie… x_refsource_CONFIRM
    https://www.kb.cert.org/vuls/id/457759 third-party-advisoryx_refsource_CERT-VN
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://access.redhat.com/articles/2161461 x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145690841819314&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://seclists.org/fulldisclosure/2019/Sep/7 mailing-listx_refsource_FULLDISC
    https://seclists.org/bugtraq/2019/Sep/7 mailing-listx_refsource_BUGTRAQ
    http://packetstormsecurity.com/files/154361/Cisco… x_refsource_MISC
    http://seclists.org/fulldisclosure/2021/Sep/0 mailing-listx_refsource_FULLDISC
    http://packetstormsecurity.com/files/164014/Moxa-… x_refsource_MISC
    https://www.arista.com/en/support/advisories-noti… x_refsource_MISC
    http://seclists.org/fulldisclosure/2022/Jun/36 mailing-listx_refsource_FULLDISC
    http://packetstormsecurity.com/files/167552/Nexan… x_refsource_MISC
    Date Public
    2015-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1035020",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035020"
              },
              {
                "name": "HPSBGN03582",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
              },
              {
                "name": "SUSE-SU-2016:0471",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
              },
              {
                "name": "RHSA-2016:0175",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
              },
              {
                "name": "HPSBGN03551",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
              },
              {
                "name": "RHSA-2016:0225",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
              },
              {
                "name": "FEDORA-2016-0f9e9a34ce",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
              },
              {
                "name": "DSA-3481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3481"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "openSUSE-SU-2016:0510",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
              },
              {
                "name": "USN-2900-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-2900-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
              },
              {
                "name": "RHSA-2016:0277",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
              },
              {
                "name": "openSUSE-SU-2016:0511",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
              },
              {
                "name": "SUSE-SU-2016:0470",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len_5450"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2017-08"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
              },
              {
                "name": "HPSBGN03549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
              },
              {
                "name": "83265",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/83265"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
              },
              {
                "name": "GLSA-201602-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201602-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
              },
              {
                "name": "HPSBGN03547",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
              },
              {
                "name": "SUSE-SU-2016:0472",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
              },
              {
                "name": "40339",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40339/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa114"
              },
              {
                "name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
              },
              {
                "name": "SUSE-SU-2016:0473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
              },
              {
                "name": "RHSA-2016:0176",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
              },
              {
                "name": "FEDORA-2016-0480defc94",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
              },
              {
                "name": "openSUSE-SU-2016:0512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
              },
              {
                "name": "DSA-3480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3480"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
              },
              {
                "name": "39454",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/39454/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.citrix.com/article/CTX206991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
              },
              {
                "name": "VU#457759",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/457759"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/articles/2161461"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
              },
              {
                "name": "HPSBGN03442",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
              },
              {
                "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
              },
              {
                "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
              },
              {
                "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/36"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-20T18:06:34.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "1035020",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035020"
            },
            {
              "name": "HPSBGN03582",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
            },
            {
              "name": "SUSE-SU-2016:0471",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
            },
            {
              "name": "RHSA-2016:0175",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0175.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
            },
            {
              "name": "HPSBGN03551",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
            },
            {
              "name": "RHSA-2016:0225",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0225.html"
            },
            {
              "name": "FEDORA-2016-0f9e9a34ce",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161"
            },
            {
              "name": "DSA-3481",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3481"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "openSUSE-SU-2016:0510",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
            },
            {
              "name": "USN-2900-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-2900-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917"
            },
            {
              "name": "RHSA-2016:0277",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0277.html"
            },
            {
              "name": "openSUSE-SU-2016:0511",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
            },
            {
              "name": "SUSE-SU-2016:0470",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len_5450"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/research/tra-2017-08"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2016-0002.html"
            },
            {
              "name": "HPSBGN03549",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
            },
            {
              "name": "83265",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/83265"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
            },
            {
              "name": "GLSA-201602-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201602-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937"
            },
            {
              "name": "HPSBGN03547",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
            },
            {
              "name": "SUSE-SU-2016:0472",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
            },
            {
              "name": "40339",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40339/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa114"
            },
            {
              "name": "[libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
            },
            {
              "name": "SUSE-SU-2016:0473",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
            },
            {
              "name": "RHSA-2016:0176",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0176.html"
            },
            {
              "name": "FEDORA-2016-0480defc94",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html"
            },
            {
              "name": "openSUSE-SU-2016:0512",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404"
            },
            {
              "name": "DSA-3480",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3480"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01"
            },
            {
              "name": "39454",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/39454/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.citrix.com/article/CTX206991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
            },
            {
              "name": "VU#457759",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/457759"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/articles/2161461"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10150"
            },
            {
              "name": "HPSBGN03442",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Sep/7"
            },
            {
              "name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
            },
            {
              "name": "20210901 SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Sep/0"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
            },
            {
              "name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/36"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7547",
        "datePublished": "2016-02-18T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2046 (GCVE-0-2016-2046)

    Vulnerability from cvelistv5 – Published: 2016-02-17 15:00 – Updated: 2024-08-05 23:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:17:50.120Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1035048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035048"
              },
              {
                "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Feb/60"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-02T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1035048",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035048"
            },
            {
              "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/60"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-2046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1035048",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035048"
                },
                {
                  "name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Feb/60"
                },
                {
                  "name": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/",
                  "refsource": "MISC",
                  "url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-2046",
        "datePublished": "2016-02-17T15:00:00.000Z",
        "dateReserved": "2016-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:17:50.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-0777 (GCVE-0-2016-0777)

    Vulnerability from cvelistv5 – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:30
    VLAI
    Summary
    The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://blogs.sophos.com/2016/02/17/utm-up2date-9…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://blogs.sophos.com/2016/02/29/utm-up2date-9…
    http://lists.apple.com/archives/security-announce… vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.securityfocus.com/archive/1/537295/100… mailing-list
    https://support.apple.com/HT206167
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://kb.juniper.net/InfoCenter/index?page=conte…
    http://www.securityfocus.com/bid/80695 vdb-entry
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://www.oracle.com/technetwork/topics/security…
    http://www.openssh.com/txt/release-7.1p2
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    https://bto.bluecoat.com/security-advisory/sa109
    http://www.securitytracker.com/id/1034671 vdb-entry
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://security.gentoo.org/glsa/201601-01 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.openwall.com/lists/oss-security/2016/01/14/7 mailing-list
    http://seclists.org/fulldisclosure/2016/Jan/44 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://packetstormsecurity.com/files/135273/Qualy…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-2869-1 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.oracle.com/technetwork/topics/security…
    http://www.debian.org/security/2016/dsa-3446 vendor-advisory
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:30:04.441Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
              },
              {
                "name": "SUSE-SU-2016:0117",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
              },
              {
                "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "name": "FEDORA-2016-4556904561",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
              },
              {
                "name": "80695",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/80695"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
              },
              {
                "name": "FreeBSD-SA-16:07",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
              },
              {
                "name": "FEDORA-2016-c330264861",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openssh.com/txt/release-7.1p2"
              },
              {
                "name": "openSUSE-SU-2016:0128",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
              },
              {
                "name": "FEDORA-2016-2e89eba0c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa109"
              },
              {
                "name": "1034671",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034671"
              },
              {
                "name": "openSUSE-SU-2016:0127",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
              },
              {
                "name": "GLSA-201601-01",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201601-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
              },
              {
                "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
              },
              {
                "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
              },
              {
                "name": "SUSE-SU-2016:0119",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
              },
              {
                "name": "SUSE-SU-2016:0118",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
              },
              {
                "name": "FEDORA-2016-67c6ef0d4f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
              },
              {
                "name": "SUSE-SU-2016:0120",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
              },
              {
                "name": "USN-2869-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2869-1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "DSA-3446",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3446"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-0777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:29:54.649786Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:30:01.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
            },
            {
              "name": "SUSE-SU-2016:0117",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
            },
            {
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
            },
            {
              "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
            },
            {
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "FEDORA-2016-4556904561",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
            },
            {
              "name": "80695",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/80695"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
            },
            {
              "name": "FreeBSD-SA-16:07",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc"
            },
            {
              "name": "FEDORA-2016-c330264861",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "url": "http://www.openssh.com/txt/release-7.1p2"
            },
            {
              "name": "openSUSE-SU-2016:0128",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
            },
            {
              "name": "FEDORA-2016-2e89eba0c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa109"
            },
            {
              "name": "1034671",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034671"
            },
            {
              "name": "openSUSE-SU-2016:0127",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
            },
            {
              "name": "GLSA-201601-01",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201601-01"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
            },
            {
              "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
            },
            {
              "name": "SUSE-SU-2016:0119",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
            },
            {
              "name": "SUSE-SU-2016:0118",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
            },
            {
              "name": "FEDORA-2016-67c6ef0d4f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html"
            },
            {
              "name": "SUSE-SU-2016:0120",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
            },
            {
              "name": "USN-2869-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2869-1"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "DSA-3446",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3446"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-0777",
        "datePublished": "2016-01-14T00:00:00.000Z",
        "dateReserved": "2015-12-16T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:30:01.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2016-0778 (GCVE-0-2016-0778)

    Vulnerability from cvelistv5 – Published: 2016-01-14 00:00 – Updated: 2026-05-29 20:28
    VLAI
    Summary
    The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    URL Tags
    https://blogs.sophos.com/2016/02/17/utm-up2date-9…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://blogs.sophos.com/2016/02/29/utm-up2date-9…
    http://lists.apple.com/archives/security-announce… vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.securityfocus.com/archive/1/537295/100… mailing-list
    https://support.apple.com/HT206167
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    http://kb.juniper.net/InfoCenter/index?page=conte…
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.oracle.com/technetwork/topics/security…
    http://www.openssh.com/txt/release-7.1p2
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.securityfocus.com/bid/80698 vdb-entry
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisory
    https://bto.bluecoat.com/security-advisory/sa109
    http://www.securitytracker.com/id/1034671 vdb-entry
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://security.gentoo.org/glsa/201601-01 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.openwall.com/lists/oss-security/2016/01/14/7 mailing-list
    http://seclists.org/fulldisclosure/2016/Jan/44 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://packetstormsecurity.com/files/135273/Qualy…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-2869-1 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://www.oracle.com/technetwork/topics/security…
    http://www.debian.org/security/2016/dsa-3446 vendor-advisory
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:30:04.062Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
              },
              {
                "name": "SUSE-SU-2016:0117",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
              },
              {
                "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "name": "FEDORA-2016-4556904561",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openssh.com/txt/release-7.1p2"
              },
              {
                "name": "openSUSE-SU-2016:0128",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
              },
              {
                "name": "80698",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/80698"
              },
              {
                "name": "FEDORA-2016-2e89eba0c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa109"
              },
              {
                "name": "1034671",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034671"
              },
              {
                "name": "openSUSE-SU-2016:0127",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
              },
              {
                "name": "GLSA-201601-01",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201601-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
              },
              {
                "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
              },
              {
                "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
              },
              {
                "name": "SUSE-SU-2016:0119",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
              },
              {
                "name": "SUSE-SU-2016:0118",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
              },
              {
                "name": "SUSE-SU-2016:0120",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
              },
              {
                "name": "USN-2869-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2869-1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
              },
              {
                "name": "DSA-3446",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3446"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-0778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T20:28:06.198426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T20:28:32.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/"
            },
            {
              "name": "SUSE-SU-2016:0117",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html"
            },
            {
              "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375"
            },
            {
              "name": "20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded"
            },
            {
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "FEDORA-2016-4556904561",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10734"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "url": "http://www.openssh.com/txt/release-7.1p2"
            },
            {
              "name": "openSUSE-SU-2016:0128",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html"
            },
            {
              "name": "80698",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/80698"
            },
            {
              "name": "FEDORA-2016-2e89eba0c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa109"
            },
            {
              "name": "1034671",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034671"
            },
            {
              "name": "openSUSE-SU-2016:0127",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html"
            },
            {
              "name": "GLSA-201601-01",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201601-01"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7"
            },
            {
              "name": "20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Jan/44"
            },
            {
              "name": "SUSE-SU-2016:0119",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html"
            },
            {
              "name": "SUSE-SU-2016:0118",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html"
            },
            {
              "name": "SUSE-SU-2016:0120",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html"
            },
            {
              "name": "USN-2869-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2869-1"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            },
            {
              "name": "DSA-3446",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3446"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-0778",
        "datePublished": "2016-01-14T00:00:00.000Z",
        "dateReserved": "2015-12-16T00:00:00.000Z",
        "dateUpdated": "2026-05-29T20:28:32.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2014-2537 (GCVE-0-2014-2537)

    Vulnerability from cvelistv5 – Published: 2014-03-18 14:00 – Updated: 2024-08-06 10:14
    VLAI
    Summary
    Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1029920 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/57344 third-party-advisoryx_refsource_SECUNIA
    http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/ x_refsource_CONFIRM
    http://www.securityfocus.com/bid/66231 vdb-entryx_refsource_BID
    Date Public
    2014-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T10:14:26.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1029920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1029920"
              },
              {
                "name": "57344",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
              },
              {
                "name": "66231",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/66231"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-03-27T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1029920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1029920"
            },
            {
              "name": "57344",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
            },
            {
              "name": "66231",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/66231"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-2537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1029920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1029920"
                },
                {
                  "name": "57344",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/57344"
                },
                {
                  "name": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/"
                },
                {
                  "name": "66231",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/66231"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-2537",
        "datePublished": "2014-03-18T14:00:00.000Z",
        "dateReserved": "2014-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T10:14:26.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5932 (GCVE-0-2013-5932)

    Vulnerability from cvelistv5 – Published: 2013-09-23 20:00 – Updated: 2024-08-06 17:29
    VLAI
    Summary
    Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/54881 third-party-advisoryx_refsource_SECUNIA
    http://blogs.sophos.com/2013/08/21/utm-up2date-9-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1029039 vdb-entryx_refsource_SECTRACK
    Date Public
    2013-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:41.699Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "54881",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/54881"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
              },
              {
                "name": "1029039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1029039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-10-04T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "54881",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/54881"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
            },
            {
              "name": "1029039",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1029039"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "54881",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/54881"
                },
                {
                  "name": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
                },
                {
                  "name": "1029039",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1029039"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5932",
        "datePublished": "2013-09-23T20:00:00.000Z",
        "dateReserved": "2013-09-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:29:41.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3238 (GCVE-0-2012-3238)

    Vulnerability from cvelistv5 – Published: 2012-07-09 22:00 – Updated: 2024-09-17 02:12
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:57:50.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.inshell.net/advisory/27"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.astaro.com/en-uk/blog/up2date/8305"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-09T22:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.inshell.net/advisory/27"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.astaro.com/en-uk/blog/up2date/8305"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-3238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \"Comment (optional)\" field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20120610 [CVE-2012-3238] Astaro Security Gateway \u003c= v8.304 Persistent Cross-Site Scripting Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html"
                },
                {
                  "name": "http://security.inshell.net/advisory/27",
                  "refsource": "MISC",
                  "url": "http://security.inshell.net/advisory/27"
                },
                {
                  "name": "http://www.astaro.com/en-uk/blog/up2date/8305",
                  "refsource": "CONFIRM",
                  "url": "http://www.astaro.com/en-uk/blog/up2date/8305"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-3238",
        "datePublished": "2012-07-09T22:00:00.000Z",
        "dateReserved": "2012-06-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:12:02.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }