Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-411
Vulnerability from certfr_avis - Published: 2016-12-14 - Updated: 2016-12-14
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2016-7646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7646"
},
{
"name": "CVE-2016-7615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7615"
},
{
"name": "CVE-2016-7411",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7411"
},
{
"name": "CVE-2016-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7643"
},
{
"name": "CVE-2016-7624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7624"
},
{
"name": "CVE-2016-7589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7589"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7645"
},
{
"name": "CVE-2016-7650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7650"
},
{
"name": "CVE-2016-7591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7591"
},
{
"name": "CVE-2016-7629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7629"
},
{
"name": "CVE-2016-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7637"
},
{
"name": "CVE-2016-7649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7649"
},
{
"name": "CVE-2016-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4688"
},
{
"name": "CVE-2016-7640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7640"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-7620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7620"
},
{
"name": "CVE-2016-7587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7587"
},
{
"name": "CVE-2016-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7616"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7659"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-7663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7663"
},
{
"name": "CVE-2016-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7648"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2016-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7595"
},
{
"name": "CVE-2016-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7657"
},
{
"name": "CVE-2016-7639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7639"
},
{
"name": "CVE-2016-7610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7610"
},
{
"name": "CVE-2016-7605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7605"
},
{
"name": "CVE-2016-7588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7588"
},
{
"name": "CVE-2016-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7636"
},
{
"name": "CVE-2016-7602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7602"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-7652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7652"
},
{
"name": "CVE-2016-7641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7641"
},
{
"name": "CVE-2016-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7642"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7608"
},
{
"name": "CVE-2016-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4743"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2016-7621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7621"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2016-7606",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7606"
},
{
"name": "CVE-2016-7418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7418"
},
{
"name": "CVE-2016-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7614"
},
{
"name": "CVE-2016-7596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7596"
},
{
"name": "CVE-2016-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4691"
},
{
"name": "CVE-2016-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4692"
},
{
"name": "CVE-2016-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7592"
},
{
"name": "CVE-2016-7604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7604"
},
{
"name": "CVE-2016-7586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7586"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2016-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7654"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2016-7609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7609"
},
{
"name": "CVE-2016-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7611"
},
{
"name": "CVE-2016-7416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7416"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2016-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7635"
},
{
"name": "CVE-2016-7599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7599"
},
{
"name": "CVE-2016-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4693"
},
{
"name": "CVE-2016-7633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7633"
},
{
"name": "CVE-2016-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7658"
},
{
"name": "CVE-2016-7417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7417"
},
{
"name": "CVE-2016-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7662"
},
{
"name": "CVE-2016-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7660"
},
{
"name": "CVE-2016-7612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7612"
},
{
"name": "CVE-2016-7414",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7414"
},
{
"name": "CVE-2016-7625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7625"
},
{
"name": "CVE-2016-7644",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7644"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1823"
},
{
"name": "CVE-2016-7412",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7412"
},
{
"name": "CVE-2016-7627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7627"
},
{
"name": "CVE-2016-7632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7632"
},
{
"name": "CVE-2016-7661",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7661"
},
{
"name": "CVE-2016-7607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7607"
},
{
"name": "CVE-2016-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7655"
},
{
"name": "CVE-2016-7594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7594"
},
{
"name": "CVE-2016-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7598"
},
{
"name": "CVE-2016-7622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7622"
},
{
"name": "CVE-2016-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7656"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-7617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7617"
},
{
"name": "CVE-2016-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7619"
},
{
"name": "CVE-2016-7600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7600"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2016-7603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7603"
},
{
"name": "CVE-2016-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7618"
},
{
"name": "CVE-2016-7413",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7413"
},
{
"name": "CVE-2016-7628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7628"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
}
],
"initial_release_date": "2016-12-14T00:00:00",
"last_revision_date": "2016-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-411",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207424 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207424"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207421 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207427 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207427"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207423 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207423"
}
]
}
CVE-2016-6303 (GCVE-0-2016-6303)
Vulnerability from cvelistv5 – Published: 2016-09-16 00:00 – Updated: 2024-08-06 01:29
VLAI
EPSS
Summary
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2016-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:18.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "1036885",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "92984",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92984"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "FreeBSD-SA-16:26",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "1036885",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036885"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "92984",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/92984"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "FreeBSD-SA-16:26",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6303",
"datePublished": "2016-09-16T00:00:00.000Z",
"dateReserved": "2016-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:29:18.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6304 (GCVE-0-2016-6304)
Vulnerability from cvelistv5 – Published: 2016-09-26 00:00 – Updated: 2024-08-06 01:29
VLAI
EPSS
Summary
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
62 references
Date Public
2016-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:18.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "RHSA-2017:1659",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "RHSA-2017:1658",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "RHSA-2016:1940",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"name": "93150",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93150"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "RHSA-2016:2802",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "RHSA-2017:1801",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name": "1036878",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036878"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"name": "RHSA-2017:1413",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"tags": [
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "RHSA-2017:2494",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:1414",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name": "RHSA-2017:1415",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "FreeBSD-SA-16:26",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"name": "SUSE-SU-2016:2470",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"name": "RHSA-2017:1802",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"name": "RHSA-2017:2493",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"name": "SUSE-SU-2017:2700",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"name": "USN-3087-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"name": "SUSE-SU-2016:2469",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"name": "openSUSE-SU-2016:2537",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Oct/62"
},
{
"name": "USN-3087-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/47"
},
{
"name": "SUSE-SU-2017:2699",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"name": "openSUSE-SU-2016:2407",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"name": "SUSE-SU-2016:2458",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"name": "DSA-3673",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"name": "openSUSE-SU-2016:2391",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"name": "openSUSE-SU-2018:0458",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
},
{
"name": "SUSE-SU-2016:2387",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"name": "openSUSE-SU-2016:2788",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
},
{
"name": "SUSE-SU-2016:2468",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"name": "openSUSE-SU-2016:2769",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
},
{
"name": "openSUSE-SU-2016:2496",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"name": "SUSE-SU-2016:2394",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "RHSA-2017:1659",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "RHSA-2017:1658",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "RHSA-2016:1940",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"name": "93150",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/93150"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "RHSA-2016:2802",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2802.html"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "RHSA-2017:1801",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name": "1036878",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036878"
},
{
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"name": "RHSA-2017:1413",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "RHSA-2017:2494",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "1037640",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:1414",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name": "RHSA-2017:1415",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "FreeBSD-SA-16:26",
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"name": "SUSE-SU-2016:2470",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"name": "RHSA-2017:1802",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"name": "RHSA-2017:2493",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
},
{
"name": "SUSE-SU-2017:2700",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
},
{
"name": "USN-3087-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-1"
},
{
"name": "SUSE-SU-2016:2469",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
},
{
"name": "openSUSE-SU-2016:2537",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
},
{
"name": "20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Oct/62"
},
{
"name": "USN-3087-2",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3087-2"
},
{
"name": "20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2016/Dec/47"
},
{
"name": "SUSE-SU-2017:2699",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
},
{
"name": "openSUSE-SU-2016:2407",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
},
{
"name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/31"
},
{
"name": "SUSE-SU-2016:2458",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
},
{
"name": "DSA-3673",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3673"
},
{
"name": "openSUSE-SU-2016:2391",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
},
{
"name": "openSUSE-SU-2018:0458",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
},
{
"url": "http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html"
},
{
"name": "SUSE-SU-2016:2387",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
},
{
"name": "openSUSE-SU-2016:2788",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html"
},
{
"name": "SUSE-SU-2016:2468",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
},
{
"name": "openSUSE-SU-2016:2769",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html"
},
{
"name": "openSUSE-SU-2016:2496",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
},
{
"name": "SUSE-SU-2016:2394",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
},
{
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6304",
"datePublished": "2016-09-26T00:00:00.000Z",
"dateReserved": "2016-07-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:29:18.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7141 (GCVE-0-2016-7141)
Vulnerability from cvelistv5 – Published: 2016-10-03 21:00 – Updated: 2024-08-06 01:50
VLAI
EPSS
Summary
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2575.html | vendor-advisoryx_refsource_REDHAT |
| https://curl.haxx.se/docs/adv_20160907.html | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3558 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1373229 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1036739 | vdb-entryx_refsource_SECTRACK |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://github.com/curl/curl/commit/curl-7_50_2~32 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2957.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/92754 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201701-47 | vendor-advisoryx_refsource_GENTOO |
Date Public
2016-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2575.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/adv_20160907.html"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229"
},
{
"name": "1036739",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036739"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/curl-7_50_2~32"
},
{
"name": "openSUSE-SU-2016:2379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "92754",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92754"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-47"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:2575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2575.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/docs/adv_20160907.html"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229"
},
{
"name": "1036739",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036739"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/curl/curl/commit/curl-7_50_2~32"
},
{
"name": "openSUSE-SU-2016:2379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "92754",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92754"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-47"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2575",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2575.html"
},
{
"name": "https://curl.haxx.se/docs/adv_20160907.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20160907.html"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373229"
},
{
"name": "1036739",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036739"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name": "https://github.com/curl/curl/commit/curl-7_50_2~32",
"refsource": "CONFIRM",
"url": "https://github.com/curl/curl/commit/curl-7_50_2~32"
},
{
"name": "openSUSE-SU-2016:2379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "92754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92754"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7141",
"datePublished": "2016-10-03T21:00:00.000Z",
"dateReserved": "2016-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7167 (GCVE-0-2016-7167)
Vulnerability from cvelistv5 – Published: 2016-10-07 14:00 – Updated: 2024-08-06 01:50
VLAI
EPSS
Summary
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2016-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2016-80f4f71eff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/"
},
{
"name": "SSA:2016-259-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "FEDORA-2016-08533fc59c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/"
},
{
"name": "92975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92975"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name": "1036813",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/adv_20160914.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:2016",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2016"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "FEDORA-2016-7a2ed52d41",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2016-80f4f71eff",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/"
},
{
"name": "SSA:2016-259-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "FEDORA-2016-08533fc59c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/"
},
{
"name": "92975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92975"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name": "1036813",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/docs/adv_20160914.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:2016",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2016"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201701-47",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "FEDORA-2016-7a2ed52d41",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-80f4f71eff",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMRWVISG7VUCYRMF23A2UHMYD72VQWAK/"
},
{
"name": "SSA:2016-259-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.538632"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "FEDORA-2016-08533fc59c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3IU2FRXQNU6UJIQT4NGLWWTP2GJQXO7/"
},
{
"name": "92975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92975"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name": "1036813",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036813"
},
{
"name": "https://curl.haxx.se/docs/adv_20160914.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20160914.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2017:2016",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2016"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
},
{
"name": "FEDORA-2016-7a2ed52d41",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTH54DFOS4TSYPG5XKJDGAG4XPAR4T7M/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7167",
"datePublished": "2016-10-07T14:00:00.000Z",
"dateReserved": "2016-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7411 (GCVE-0-2016-7411)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| https://bugs.php.net/bug.php?id=73052 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://github.com/php/php-src/commit/6a7cc8ff858… | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93009 | vdb-entryx_refsource_BID |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73052"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "93009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=73052"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "93009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "https://bugs.php.net/bug.php?id=73052",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=73052"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "93009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7411",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7412 (GCVE-0-2016-7412)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/php/php-src/commit/28f80baf3c5… | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-7.php | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| https://bugs.php.net/bug.php?id=72293 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:1296 | vendor-advisoryx_refsource_REDHAT |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2016-19 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93005 | vdb-entryx_refsource_BID |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=72293"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=72293"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1"
},
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "https://bugs.php.net/bug.php?id=72293",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72293"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7412",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7413 (GCVE-0-2016-7413)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/php/php-src/commit/b88393f08a5… | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-7.php | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:1296 | vendor-advisoryx_refsource_REDHAT |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2016-19 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93006 | vdb-entryx_refsource_BID |
| https://bugs.php.net/bug.php?id=72860 | x_refsource_CONFIRM |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93006",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=72860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93006",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=72860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1"
},
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93006"
},
{
"name": "https://bugs.php.net/bug.php?id=72860",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7413",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7414 (GCVE-0-2016-7414)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.php.net/ChangeLog-7.php | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93004 | vdb-entryx_refsource_BID |
| https://github.com/php/php-src/commit/0bfb970f43a… | x_refsource_CONFIRM |
| https://bugs.php.net/bug.php?id=72928 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:1296 | vendor-advisoryx_refsource_REDHAT |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2016-19 | x_refsource_CONFIRM |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "93004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=72928"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "93004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=72928"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "93004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93004"
},
{
"name": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1"
},
{
"name": "https://bugs.php.net/bug.php?id=72928",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72928"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7414",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7416 (GCVE-0-2016-7416)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/93008 | vdb-entryx_refsource_BID |
| http://www.php.net/ChangeLog-7.php | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:1296 | vendor-advisoryx_refsource_REDHAT |
| https://bugs.php.net/bug.php?id=73007 | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2016-19 | x_refsource_CONFIRM |
| https://github.com/php/php-src/commit/6d55ba26563… | x_refsource_CONFIRM |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93008",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93008",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=73007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93008"
},
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "https://bugs.php.net/bug.php?id=73007",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=73007"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7416",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7417 (GCVE-0-2016-7417)
Vulnerability from cvelistv5 – Published: 2016-09-17 21:00 – Updated: 2024-08-06 01:57
VLAI
EPSS
Summary
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.php.net/ChangeLog-7.php | x_refsource_CONFIRM |
| https://github.com/php/php-src/commit/ecb7f58a069… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201611-22 | vendor-advisoryx_refsource_GENTOO |
| http://www.securitytracker.com/id/1036836 | vdb-entryx_refsource_SECTRACK |
| http://www.openwall.com/lists/oss-security/2016/0… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:1296 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/93007 | vdb-entryx_refsource_BID |
| https://bugs.php.net/bug.php?id=73029 | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2016-19 | x_refsource_CONFIRM |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "93007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=73029"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1"
},
{
"name": "GLSA-201611-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "93007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.php.net/bug.php?id=73029"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "93007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93007"
},
{
"name": "https://bugs.php.net/bug.php?id=73029",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=73029"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7417",
"datePublished": "2016-09-17T21:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…