Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-14952 (GCVE-0-2017-14952)
Vulnerability from cvelistv5 – Published: 2017-10-16 16:00 – Updated: 2024-08-05 19:42
VLAI
EPSS
Summary
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.sourcebrella.com/blog/double-free-vuln… | x_refsource_MISC |
| http://bugs.icu-project.org/trac/changeset/40324/… | x_refsource_CONFIRM |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
Date Public
2017-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-23T19:08:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/",
"refsource": "MISC",
"url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
},
{
"name": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14952",
"datePublished": "2017-10-16T16:00:00.000Z",
"dateReserved": "2017-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-14952",
"date": "2026-05-30",
"epss": "0.02941",
"percentile": "0.86681"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-14952\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-16T16:29:00.887\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \\\"redundant UVector entry clean up function call\\\" issue.\"},{\"lang\":\"es\",\"value\":\"Doble liberaci\u00f3n (double free) en i18n/zonemeta.cpp en International Components for Unicode (ICU) para C/C++ hasta la versi\u00f3n 59.1 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante una cadena manipulada. Esto tambi\u00e9n se conoce como \\\"redundant UVector entry clean up function call\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\\\\/c\\\\+\\\\+:*:*\",\"versionEndIncluding\":\"59.1\",\"matchCriteriaId\":\"D014CA1A-E812-43A8-BA9B-4CEBD3D57109\"}]}]}],\"references\":[{\"url\":\"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
WID-SEC-W-2025-1659
Vulnerability from csaf_certbund - Published: 2017-10-16 22:00 - Updated: 2025-10-26 23:00Summary
International Components for Unicode (icu): Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die International Components for Unicode (ICU) sind C, C++ und Java Bibliotheken zur Auswertung regulärer Ausdrücke bzw. zum Verarbeiten von Strings und Zeichen im Unicode Format.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in International Components for Unicode (icu) ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Android
- iPhoneOS
- Linux
- MacOS X
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source International Components for Unicode (icu) <60.1
Open Source / International Components for Unicode (icu)
|
<60.1 |
References
10 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die International Components for Unicode (ICU) sind C, C++ und Java Bibliotheken zur Auswertung regul\u00e4rer Ausdr\u00fccke bzw. zum Verarbeiten von Strings und Zeichen im Unicode Format.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in International Components for Unicode (icu) ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android\n- iPhoneOS\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1659 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-1659.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1659 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1659"
},
{
"category": "external",
"summary": "Sourcebrella Blogeintrag vom 2017-10-16",
"url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3458-2 vom 2017-10-23",
"url": "http://www.ubuntu.com/usn/usn-3458-2/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3458-1 vom 2017-10-23",
"url": "http://www.ubuntu.com/usn/usn-3458-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1401-1 vom 2018-05-24",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181401-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:1602-1 vom 2018-06-08",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181602-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11888 vom 2025-07-29",
"url": "http://linux.oracle.com/errata/ELSA-2025-11888.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7241823 vom 2025-08-08",
"url": "https://www.ibm.com/support/pages/node/7241823"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-10-24",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123933"
}
],
"source_lang": "en-US",
"title": "International Components for Unicode (icu): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-10-26T23:00:00.000+00:00",
"generator": {
"date": "2025-10-27T10:03:29.027+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1659",
"initial_release_date": "2017-10-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-10-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-10-16T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-10-23T22:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2017-11-08T23:00:00.000+00:00",
"number": "4",
"summary": "Added references"
},
{
"date": "2018-06-10T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-08-07T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019294",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T045745",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c60.1",
"product": {
"name": "Open Source International Components for Unicode (icu) \u003c60.1",
"product_id": "T010957"
}
},
{
"category": "product_version",
"name": "60.1",
"product": {
"name": "Open Source International Components for Unicode (icu) 60.1",
"product_id": "T010957-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:icu_project:international_components_for_unicode:60.1"
}
}
}
],
"category": "product_name",
"name": "International Components for Unicode (icu)"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-14952",
"product_status": {
"known_affected": [
"T045745",
"T002207",
"T000126",
"T019294",
"T004914",
"T010957"
]
},
"release_date": "2017-10-16T22:00:00.000+00:00",
"title": "CVE-2017-14952"
}
]
}
WID-SEC-W-2025-1660
Vulnerability from csaf_certbund - Published: 2019-04-16 22:00 - Updated: 2025-07-28 22:00Summary
Oracle Utilities: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Utilities ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications
Oracle
|
cpe:/a:oracle:utilities:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Utilities ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1660 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-1660.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1660 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1660"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixUTIL"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-11888 vom 2025-07-29",
"url": "http://linux.oracle.com/errata/ELSA-2025-11888.html"
}
],
"source_lang": "en-US",
"title": "Oracle Utilities: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-28T22:00:00.000+00:00",
"generator": {
"date": "2025-07-29T08:29:38.026+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1660",
"initial_release_date": "2019-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2019-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications",
"product": {
"name": "Oracle Utilities Applications",
"product_id": "T008098",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7923",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-7923"
},
{
"cve": "CVE-2014-7926",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-7926"
},
{
"cve": "CVE-2014-7940",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-7940"
},
{
"cve": "CVE-2014-8146",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-8146"
},
{
"cve": "CVE-2014-8147",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-8147"
},
{
"cve": "CVE-2014-9654",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-9654"
},
{
"cve": "CVE-2014-9911",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2014-9911"
},
{
"cve": "CVE-2015-5922",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2015-5922"
},
{
"cve": "CVE-2015-9251",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2016-1000031",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2016-1000031"
},
{
"cve": "CVE-2016-6293",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2016-6293"
},
{
"cve": "CVE-2016-7415",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2016-7415"
},
{
"cve": "CVE-2017-14952",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2017-14952"
},
{
"cve": "CVE-2017-17484",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2017-17484"
},
{
"cve": "CVE-2017-7867",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2017-7867"
},
{
"cve": "CVE-2017-7868",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2017-7868"
},
{
"cve": "CVE-2018-11039",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-11039"
},
{
"cve": "CVE-2018-11040",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-11040"
},
{
"cve": "CVE-2018-1257",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1257"
},
{
"cve": "CVE-2018-1258",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-1258"
},
{
"cve": "CVE-2018-8088",
"product_status": {
"known_affected": [
"T008098",
"T004914"
]
},
"release_date": "2019-04-16T22:00:00.000+00:00",
"title": "CVE-2018-8088"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…