Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: 2020-07-09 - Updated: 2020-07-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"initial_release_date": "2020-07-09T00:00:00",
"last_revision_date": "2020-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2018-1000180 (GCVE-0-2018-1000180)
Vulnerability from cvelistv5 – Published: 2018-06-05 13:00 – Updated: 2024-08-05 12:33
VLAI
EPSS
Summary
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2428 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2669 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2643 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2424 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2423 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2425 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2018/dsa-4233 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.apache.org/thread.html/708d94141126… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/106567 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2019:0877 | vendor-advisoryx_refsource_REDHAT |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_CONFIRM |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.bountysource.com/issues/58293083-rsa-… | x_refsource_MISC |
| https://github.com/bcgit/bc-java/commit/22467b6e8… | x_refsource_CONFIRM |
| https://github.com/bcgit/bc-java/commit/73780ac52… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2019020… | x_refsource_CONFIRM |
| https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
Date Public
2018-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2428",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2428"
},
{
"name": "RHSA-2018:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "RHSA-2018:2643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2643"
},
{
"name": "RHSA-2018:2424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2424"
},
{
"name": "RHSA-2018:2423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2423"
},
{
"name": "RHSA-2018:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2425"
},
{
"name": "DSA-4233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4233"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "106567",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106567"
},
{
"name": "RHSA-2019:0877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-04-30T00:00:00.000Z",
"datePublic": "2018-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:2428",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2428"
},
{
"name": "RHSA-2018:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "RHSA-2018:2643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2643"
},
{
"name": "RHSA-2018:2424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2424"
},
{
"name": "RHSA-2018:2423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2423"
},
{
"name": "RHSA-2018:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2425"
},
{
"name": "DSA-4233",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4233"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "106567",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106567"
},
{
"name": "RHSA-2019:0877",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-04-30T12:00:00",
"DATE_REQUESTED": "2018-04-30T14:00:00",
"ID": "CVE-2018-1000180",
"REQUESTER": "dgh@bouncycastle.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2428",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2428"
},
{
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "RHSA-2018:2643",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2643"
},
{
"name": "RHSA-2018:2424",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2424"
},
{
"name": "RHSA-2018:2423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2423"
},
{
"name": "RHSA-2018:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2425"
},
{
"name": "DSA-4233",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4233"
},
{
"name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "106567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106567"
},
{
"name": "RHSA-2019:0877",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test",
"refsource": "MISC",
"url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
},
{
"name": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"name": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"name": "https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180",
"refsource": "MISC",
"url": "https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000180",
"datePublished": "2018-06-05T13:00:00.000Z",
"dateReserved": "2018-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:49.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000613 (GCVE-0-2018-1000613)
Vulnerability from cvelistv5 – Published: 2018-07-09 20:00 – Updated: 2024-11-14 20:37
VLAI
EPSS
Summary
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_CONFIRM |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://lists.apache.org/thread.html/rf1bbc0ea4a9… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019020… | x_refsource_CONFIRM |
| https://github.com/bcgit/bc-java/commit/4092ede58… | x_refsource_CONFIRM |
| https://github.com/bcgit/bc-java/commit/cd98322b1… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
Date Public
2018-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0607",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-1000613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:03:21.865602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T20:37:00.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-08T00:00:00.000Z",
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0607",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.190527",
"DATE_REQUESTED": "2018-06-29T04:46:08",
"ID": "CVE-2018-1000613",
"REQUESTER": "dgh@bouncycastle.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0607",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000613",
"datePublished": "2018-07-09T20:00:00.000Z",
"dateReserved": "2018-06-29T00:00:00.000Z",
"dateUpdated": "2024-11-14T20:37:00.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11233 (GCVE-0-2018-11233)
Vulnerability from cvelistv5 – Published: 2018-05-30 04:00 – Updated: 2024-08-05 08:01
VLAI
EPSS
Summary
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2147 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3671-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/104346 | vdb-entryx_refsource_BID |
| https://marc.info/?l=git&m=152761328506724&w=2 | x_refsource_MISC |
| http://www.securitytracker.com/id/1040991 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201805-13 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2018-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:01:52.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2147"
},
{
"name": "USN-3671-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3671-1/"
},
{
"name": "104346",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2"
},
{
"name": "1040991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040991"
},
{
"name": "GLSA-201805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-13"
},
{
"name": "openSUSE-SU-2020:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-01T23:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:2147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2147"
},
{
"name": "USN-3671-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3671-1/"
},
{
"name": "104346",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2"
},
{
"name": "1040991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040991"
},
{
"name": "GLSA-201805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-13"
},
{
"name": "openSUSE-SU-2020:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2147",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2147"
},
{
"name": "USN-3671-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3671-1/"
},
{
"name": "104346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104346"
},
{
"name": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2",
"refsource": "MISC",
"url": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2"
},
{
"name": "1040991",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040991"
},
{
"name": "GLSA-201805-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-13"
},
{
"name": "openSUSE-SU-2020:0598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11233",
"datePublished": "2018-05-30T04:00:00.000Z",
"dateReserved": "2018-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:01:52.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11235 (GCVE-0-2018-11235)
Vulnerability from cvelistv5 – Published: 2018-05-30 04:00 – Updated: 2024-08-05 08:01
VLAI
EPSS
Summary
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44822/ | exploitx_refsource_EXPLOIT-DB |
| https://access.redhat.com/errata/RHSA-2018:2147 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3671-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://marc.info/?l=git&m=152761328506724&w=2 | x_refsource_MISC |
| http://www.securitytracker.com/id/1040991 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2018:1957 | vendor-advisoryx_refsource_REDHAT |
| https://security.gentoo.org/glsa/201805-13 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/104345 | vdb-entryx_refsource_BID |
| https://blogs.msdn.microsoft.com/devops/2018/05/2… | x_refsource_MISC |
| https://www.debian.org/security/2018/dsa-4212 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2018-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:01:52.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44822",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44822/"
},
{
"name": "RHSA-2018:2147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2147"
},
{
"name": "USN-3671-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3671-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2"
},
{
"name": "1040991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040991"
},
{
"name": "RHSA-2018:1957",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1957"
},
{
"name": "GLSA-201805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-13"
},
{
"name": "104345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/"
},
{
"name": "DSA-4212",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4212"
},
{
"name": "openSUSE-SU-2020:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-01T23:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44822",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44822/"
},
{
"name": "RHSA-2018:2147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2147"
},
{
"name": "USN-3671-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3671-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2"
},
{
"name": "1040991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040991"
},
{
"name": "RHSA-2018:1957",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1957"
},
{
"name": "GLSA-201805-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-13"
},
{
"name": "104345",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/"
},
{
"name": "DSA-4212",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4212"
},
{
"name": "openSUSE-SU-2020:0598",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44822",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44822/"
},
{
"name": "RHSA-2018:2147",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2147"
},
{
"name": "USN-3671-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3671-1/"
},
{
"name": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2",
"refsource": "MISC",
"url": "https://marc.info/?l=git\u0026m=152761328506724\u0026w=2"
},
{
"name": "1040991",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040991"
},
{
"name": "RHSA-2018:1957",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1957"
},
{
"name": "GLSA-201805-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-13"
},
{
"name": "104345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104345"
},
{
"name": "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/",
"refsource": "MISC",
"url": "https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/"
},
{
"name": "DSA-4212",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4212"
},
{
"name": "openSUSE-SU-2020:0598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11235",
"datePublished": "2018-05-30T04:00:00.000Z",
"dateReserved": "2018-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:01:52.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16881 (GCVE-0-2018-16881)
Vulnerability from cvelistv5 – Published: 2019-01-25 18:00 – Updated: 2024-08-05 10:32
VLAI
EPSS
Summary
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
Severity
5.3 (Medium)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2019:2110 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:2439 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:2437 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHBA-2019:2501 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The rsyslog Project | rsyslog: |
Affected:
8.27.0
|
Date Public
2017-04-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:2110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2110"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHBA-2019:2501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881"
},
{
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3016-1] rsyslog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rsyslog:",
"vendor": "The rsyslog Project",
"versions": [
{
"status": "affected",
"version": "8.27.0"
}
]
}
],
"datePublic": "2017-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-21T00:06:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2019:2110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2110"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHBA-2019:2501",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881"
},
{
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3016-1] rsyslog security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rsyslog:",
"version": {
"version_data": [
{
"version_value": "8.27.0"
}
]
}
}
]
},
"vendor_name": "The rsyslog Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:2110",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2110"
},
{
"name": "RHSA-2019:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHBA-2019:2501",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:2501"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881"
},
{
"name": "[debian-lts-announce] 20220520 [SECURITY] [DLA 3016-1] rsyslog security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16881",
"datePublished": "2019-01-25T18:00:00.000Z",
"dateReserved": "2018-09-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:32:54.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19486 (GCVE-0-2018-19486)
Vulnerability from cvelistv5 – Published: 2018-11-23 08:00 – Updated: 2024-08-05 11:37
VLAI
EPSS
Summary
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/pub/scm/git/git.git/commit… | x_refsource_MISC |
| http://www.securityfocus.com/bid/106020 | vdb-entryx_refsource_BID |
| https://git.kernel.org/pub/scm/git/git.git/tree/D… | x_refsource_MISC |
| http://www.securitytracker.com/id/1042166 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2018:3800 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3829-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/201904-13 | vendor-advisoryx_refsource_GENTOO |
Date Public
2018-11-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60"
},
{
"name": "106020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt"
},
{
"name": "1042166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042166"
},
{
"name": "RHSA-2018:3800",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3800"
},
{
"name": "USN-3829-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3829-1/"
},
{
"name": "GLSA-201904-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if \u0027.\u0027 were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-11T02:06:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60"
},
{
"name": "106020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt"
},
{
"name": "1042166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042166"
},
{
"name": "RHSA-2018:3800",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3800"
},
{
"name": "USN-3829-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3829-1/"
},
{
"name": "GLSA-201904-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if \u0027.\u0027 were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60"
},
{
"name": "106020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106020"
},
{
"name": "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt"
},
{
"name": "1042166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042166"
},
{
"name": "RHSA-2018:3800",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3800"
},
{
"name": "USN-3829-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3829-1/"
},
{
"name": "GLSA-201904-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19486",
"datePublished": "2018-11-23T08:00:00.000Z",
"dateReserved": "2018-11-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3639 (GCVE-0-2018-3639)
Vulnerability from cvelistv5 – Published: 2018-05-22 12:00 – Updated: 2026-05-29 20:14
VLAI
EPSS
Summary
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information Disclosure
- CWE-203 - Observable Discrepancy
Assigner
References
147 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:1689 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2162 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1641 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3680-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:1997 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1665 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3407 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2164 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2001 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3423 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2003 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3654-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:1645 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1643 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1652 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3424 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3402 | vendor-advisoryx_refsource_REDHAT |
| https://www.us-cert.gov/ncas/alerts/TA18-141A | third-party-advisoryx_refsource_CERT |
| https://access.redhat.com/errata/RHSA-2018:1656 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1664 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2258 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1688 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1658 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1657 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2289 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1666 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1042004 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2018:1675 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1660 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1965 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1661 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1633 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1636 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1854 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2006 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2250 | vendor-advisoryx_refsource_REDHAT |
| http://www.securitytracker.com/id/1040949 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2018:3401 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1737 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1826 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3651-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://www.debian.org/security/2018/dsa-4210 | vendor-advisoryx_refsource_DEBIAN |
| https://www.exploit-db.com/exploits/44695/ | exploitx_refsource_EXPLOIT-DB |
| https://access.redhat.com/errata/RHSA-2018:1651 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1638 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1696 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2246 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1644 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1646 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:1639 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1668 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1637 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2948 | vendor-advisoryx_refsource_REDHAT |
| https://www.kb.cert.org/vuls/id/180049 | third-party-advisoryx_refsource_CERT-VN |
| https://access.redhat.com/errata/RHSA-2018:1686 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2172 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1663 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3652-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:1629 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1655 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1640 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1669 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1676 | vendor-advisoryx_refsource_REDHAT |
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| https://access.redhat.com/errata/RHSA-2018:3425 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2363 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1632 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1650 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2396 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2364 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3653-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:2216 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3655-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:1649 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2309 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/104232 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:1653 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2171 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1635 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:2394 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1710 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1659 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1711 | vendor-advisoryx_refsource_REDHAT |
| https://www.debian.org/security/2018/dsa-4273 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2018:1738 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1674 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3396 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1667 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3654-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:1662 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1630 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1647 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1967 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3655-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:3399 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2060 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1690 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3653-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:2161 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2018:2328 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1648 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2387 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:0148 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1654 | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/3679-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3777-3/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:1642 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3397 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/3756-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:3398 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:3400 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2228 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2019:1046 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://seclists.org/bugtraq/2019/Jun/36 | mailing-listx_refsource_BUGTRAQ |
| http://www.openwall.com/lists/oss-security/2020/06/10/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/06/10/2 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/06/10/5 | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_CONFIRM |
| https://help.ecostruxureit.com/display/public/UAD… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| http://support.lenovo.com/us/en/solutions/LEN-22133 | x_refsource_CONFIRM |
| https://psirt.global.sonicwall.com/vuln-detail/SN… | x_refsource_CONFIRM |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://support.citrix.com/article/CTX235225 | x_refsource_CONFIRM |
| https://www.intel.com/content/www/us/en/security-… | x_refsource_CONFIRM |
| https://www.synology.com/support/security/Synolog… | x_refsource_CONFIRM |
| https://developer.arm.com/support/arm-security-up… | x_refsource_CONFIRM |
| http://www.fujitsu.com/global/support/products/so… | x_refsource_CONFIRM |
| http://xenbits.xen.org/xsa/advisory-263.html | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.mitel.com/en-ca/support/security-advi… | x_refsource_CONFIRM |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2018052… | x_refsource_CONFIRM |
| https://nvidia.custhelp.com/app/answers/detail/a_… | x_refsource_CONFIRM |
| https://support.oracle.com/knowledge/Sun%20Micros… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel Corporation | Multiple |
Affected:
Multiple
|
Date Public
2018-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1689"
},
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "RHSA-2018:1641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1641"
},
{
"name": "USN-3680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"name": "RHSA-2018:1665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1665"
},
{
"name": "RHSA-2018:3407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"name": "RHSA-2018:2164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "RHSA-2018:2001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"name": "RHSA-2018:3423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3423"
},
{
"name": "RHSA-2018:2003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"name": "USN-3654-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "RHSA-2018:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1645"
},
{
"name": "RHSA-2018:1643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1643"
},
{
"name": "RHSA-2018:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1652"
},
{
"name": "RHSA-2018:3424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3424"
},
{
"name": "RHSA-2018:3402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3402"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "RHSA-2018:1656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1656"
},
{
"name": "RHSA-2018:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1664"
},
{
"name": "RHSA-2018:2258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"name": "RHSA-2018:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1688"
},
{
"name": "RHSA-2018:1658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1658"
},
{
"name": "RHSA-2018:1657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1657"
},
{
"name": "RHSA-2018:2289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"name": "RHSA-2018:1666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1666"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1675"
},
{
"name": "RHSA-2018:1660",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1660"
},
{
"name": "RHSA-2018:1965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"name": "RHSA-2018:1661",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1661"
},
{
"name": "RHSA-2018:1633",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1633"
},
{
"name": "RHSA-2018:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1636"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2006"
},
{
"name": "RHSA-2018:2250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "RHSA-2018:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3401"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "RHSA-2018:1826",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1826"
},
{
"name": "USN-3651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"name": "DSA-4210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"name": "44695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"name": "RHSA-2018:1651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1651"
},
{
"name": "RHSA-2018:1638",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1638"
},
{
"name": "RHSA-2018:1696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1696"
},
{
"name": "RHSA-2018:2246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"name": "RHSA-2018:1644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1644"
},
{
"name": "RHSA-2018:1646",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1646"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:1639",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1639"
},
{
"name": "RHSA-2018:1668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1668"
},
{
"name": "RHSA-2018:1637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1637"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "RHSA-2018:1686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1686"
},
{
"name": "RHSA-2018:2172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"name": "RHSA-2018:1663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1663"
},
{
"name": "USN-3652-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"name": "RHSA-2018:1629",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1629"
},
{
"name": "RHSA-2018:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1655"
},
{
"name": "RHSA-2018:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1640"
},
{
"name": "RHSA-2018:1669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1669"
},
{
"name": "RHSA-2018:1676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1676"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "RHSA-2018:3425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3425"
},
{
"name": "RHSA-2018:2363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2363"
},
{
"name": "RHSA-2018:1632",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1632"
},
{
"name": "RHSA-2018:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1650"
},
{
"name": "RHSA-2018:2396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name": "RHSA-2018:2364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2364"
},
{
"name": "USN-3653-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "RHSA-2018:2216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2216"
},
{
"name": "USN-3655-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "RHSA-2018:1649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1649"
},
{
"name": "RHSA-2018:2309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"name": "104232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104232"
},
{
"name": "RHSA-2018:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1653"
},
{
"name": "RHSA-2018:2171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2171"
},
{
"name": "RHSA-2018:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1635"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "RHSA-2018:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name": "RHSA-2018:1710",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1710"
},
{
"name": "RHSA-2018:1659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1659"
},
{
"name": "RHSA-2018:1711",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1711"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "RHSA-2018:1738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1738"
},
{
"name": "RHSA-2018:1674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1674"
},
{
"name": "RHSA-2018:3396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3396"
},
{
"name": "RHSA-2018:1667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1667"
},
{
"name": "USN-3654-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "RHSA-2018:1662",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1662"
},
{
"name": "RHSA-2018:1630",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1630"
},
{
"name": "RHSA-2018:1647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1647"
},
{
"name": "RHSA-2018:1967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"name": "USN-3655-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "RHSA-2018:3399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3399"
},
{
"name": "RHSA-2018:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2060"
},
{
"name": "RHSA-2018:1690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1690"
},
{
"name": "USN-3653-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "RHSA-2018:2161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "RHSA-2018:2328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"name": "RHSA-2018:1648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1648"
},
{
"name": "RHSA-2018:2387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name": "RHSA-2019:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0148"
},
{
"name": "RHSA-2018:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1654"
},
{
"name": "USN-3679-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "RHSA-2018:1642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1642"
},
{
"name": "RHSA-2018:3397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3397"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "RHSA-2018:3398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3398"
},
{
"name": "RHSA-2018:3400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3400"
},
{
"name": "RHSA-2018:2228",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "RHSA-2019:1046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"name": "openSUSE-SU-2019:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX235225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-3639",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T20:13:59.457681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T20:14:05.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Multiple",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Multiple"
}
]
}
],
"datePublic": "2018-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T20:06:27.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "RHSA-2018:1689",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1689"
},
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "RHSA-2018:1641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1641"
},
{
"name": "USN-3680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"name": "RHSA-2018:1665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1665"
},
{
"name": "RHSA-2018:3407",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"name": "RHSA-2018:2164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "RHSA-2018:2001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"name": "RHSA-2018:3423",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3423"
},
{
"name": "RHSA-2018:2003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"name": "USN-3654-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "RHSA-2018:1645",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1645"
},
{
"name": "RHSA-2018:1643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1643"
},
{
"name": "RHSA-2018:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1652"
},
{
"name": "RHSA-2018:3424",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3424"
},
{
"name": "RHSA-2018:3402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3402"
},
{
"name": "TA18-141A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "RHSA-2018:1656",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1656"
},
{
"name": "RHSA-2018:1664",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1664"
},
{
"name": "RHSA-2018:2258",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"name": "RHSA-2018:1688",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1688"
},
{
"name": "RHSA-2018:1658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1658"
},
{
"name": "RHSA-2018:1657",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1657"
},
{
"name": "RHSA-2018:2289",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"name": "RHSA-2018:1666",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1666"
},
{
"name": "1042004",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1675"
},
{
"name": "RHSA-2018:1660",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1660"
},
{
"name": "RHSA-2018:1965",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"name": "RHSA-2018:1661",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1661"
},
{
"name": "RHSA-2018:1633",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1633"
},
{
"name": "RHSA-2018:1636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1636"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2006"
},
{
"name": "RHSA-2018:2250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"name": "1040949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "RHSA-2018:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3401"
},
{
"name": "RHSA-2018:1737",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "RHSA-2018:1826",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1826"
},
{
"name": "USN-3651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"name": "DSA-4210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"name": "44695",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"name": "RHSA-2018:1651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1651"
},
{
"name": "RHSA-2018:1638",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1638"
},
{
"name": "RHSA-2018:1696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1696"
},
{
"name": "RHSA-2018:2246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"name": "RHSA-2018:1644",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1644"
},
{
"name": "RHSA-2018:1646",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1646"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:1639",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1639"
},
{
"name": "RHSA-2018:1668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1668"
},
{
"name": "RHSA-2018:1637",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1637"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "VU#180049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "RHSA-2018:1686",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1686"
},
{
"name": "RHSA-2018:2172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"name": "RHSA-2018:1663",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1663"
},
{
"name": "USN-3652-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"name": "RHSA-2018:1629",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1629"
},
{
"name": "RHSA-2018:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1655"
},
{
"name": "RHSA-2018:1640",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1640"
},
{
"name": "RHSA-2018:1669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1669"
},
{
"name": "RHSA-2018:1676",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1676"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "RHSA-2018:3425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3425"
},
{
"name": "RHSA-2018:2363",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2363"
},
{
"name": "RHSA-2018:1632",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1632"
},
{
"name": "RHSA-2018:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1650"
},
{
"name": "RHSA-2018:2396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name": "RHSA-2018:2364",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2364"
},
{
"name": "USN-3653-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "RHSA-2018:2216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2216"
},
{
"name": "USN-3655-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "RHSA-2018:1649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1649"
},
{
"name": "RHSA-2018:2309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"name": "104232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104232"
},
{
"name": "RHSA-2018:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1653"
},
{
"name": "RHSA-2018:2171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2171"
},
{
"name": "RHSA-2018:1635",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1635"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "RHSA-2018:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name": "RHSA-2018:1710",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1710"
},
{
"name": "RHSA-2018:1659",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1659"
},
{
"name": "RHSA-2018:1711",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1711"
},
{
"name": "DSA-4273",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "RHSA-2018:1738",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1738"
},
{
"name": "RHSA-2018:1674",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1674"
},
{
"name": "RHSA-2018:3396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3396"
},
{
"name": "RHSA-2018:1667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1667"
},
{
"name": "USN-3654-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "RHSA-2018:1662",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1662"
},
{
"name": "RHSA-2018:1630",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1630"
},
{
"name": "RHSA-2018:1647",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1647"
},
{
"name": "RHSA-2018:1967",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"name": "USN-3655-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "RHSA-2018:3399",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3399"
},
{
"name": "RHSA-2018:2060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2060"
},
{
"name": "RHSA-2018:1690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1690"
},
{
"name": "USN-3653-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "RHSA-2018:2161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "RHSA-2018:2328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"name": "RHSA-2018:1648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1648"
},
{
"name": "RHSA-2018:2387",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name": "RHSA-2019:0148",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0148"
},
{
"name": "RHSA-2018:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1654"
},
{
"name": "USN-3679-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"name": "USN-3777-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "RHSA-2018:1642",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1642"
},
{
"name": "RHSA-2018:3397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3397"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "USN-3756-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "RHSA-2018:3398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3398"
},
{
"name": "RHSA-2018:3400",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3400"
},
{
"name": "RHSA-2018:2228",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "RHSA-2019:1046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"name": "openSUSE-SU-2019:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX235225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-21T00:00:00",
"ID": "CVE-2018-3639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1689",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1689"
},
{
"name": "RHSA-2018:2162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "RHSA-2018:1641",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1641"
},
{
"name": "USN-3680-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3680-1/"
},
{
"name": "RHSA-2018:1997",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1997"
},
{
"name": "RHSA-2018:1665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1665"
},
{
"name": "RHSA-2018:3407",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3407"
},
{
"name": "RHSA-2018:2164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2164"
},
{
"name": "RHSA-2018:2001",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2001"
},
{
"name": "RHSA-2018:3423",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3423"
},
{
"name": "RHSA-2018:2003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2003"
},
{
"name": "USN-3654-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "RHSA-2018:1645",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1645"
},
{
"name": "RHSA-2018:1643",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1643"
},
{
"name": "RHSA-2018:1652",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1652"
},
{
"name": "RHSA-2018:3424",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3424"
},
{
"name": "RHSA-2018:3402",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3402"
},
{
"name": "TA18-141A",
"refsource": "CERT",
"url": "https://www.us-cert.gov/ncas/alerts/TA18-141A"
},
{
"name": "RHSA-2018:1656",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1656"
},
{
"name": "RHSA-2018:1664",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1664"
},
{
"name": "RHSA-2018:2258",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2258"
},
{
"name": "RHSA-2018:1688",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1688"
},
{
"name": "RHSA-2018:1658",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1658"
},
{
"name": "RHSA-2018:1657",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1657"
},
{
"name": "RHSA-2018:2289",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2289"
},
{
"name": "RHSA-2018:1666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1666"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:1675",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1675"
},
{
"name": "RHSA-2018:1660",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1660"
},
{
"name": "RHSA-2018:1965",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1965"
},
{
"name": "RHSA-2018:1661",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1661"
},
{
"name": "RHSA-2018:1633",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1633"
},
{
"name": "RHSA-2018:1636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1636"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "RHSA-2018:2006",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2006"
},
{
"name": "RHSA-2018:2250",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2250"
},
{
"name": "1040949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040949"
},
{
"name": "RHSA-2018:3401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3401"
},
{
"name": "RHSA-2018:1737",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1737"
},
{
"name": "RHSA-2018:1826",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1826"
},
{
"name": "USN-3651-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3651-1/"
},
{
"name": "DSA-4210",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4210"
},
{
"name": "44695",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44695/"
},
{
"name": "RHSA-2018:1651",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1651"
},
{
"name": "RHSA-2018:1638",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1638"
},
{
"name": "RHSA-2018:1696",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1696"
},
{
"name": "RHSA-2018:2246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2246"
},
{
"name": "RHSA-2018:1644",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1644"
},
{
"name": "RHSA-2018:1646",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1646"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:1639",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1639"
},
{
"name": "RHSA-2018:1668",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1668"
},
{
"name": "RHSA-2018:1637",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1637"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "VU#180049",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"name": "RHSA-2018:1686",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1686"
},
{
"name": "RHSA-2018:2172",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2172"
},
{
"name": "RHSA-2018:1663",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1663"
},
{
"name": "USN-3652-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3652-1/"
},
{
"name": "RHSA-2018:1629",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1629"
},
{
"name": "RHSA-2018:1655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1655"
},
{
"name": "RHSA-2018:1640",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1640"
},
{
"name": "RHSA-2018:1669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1669"
},
{
"name": "RHSA-2018:1676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1676"
},
{
"name": "20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel"
},
{
"name": "RHSA-2018:3425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3425"
},
{
"name": "RHSA-2018:2363",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2363"
},
{
"name": "RHSA-2018:1632",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1632"
},
{
"name": "RHSA-2018:1650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1650"
},
{
"name": "RHSA-2018:2396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2396"
},
{
"name": "RHSA-2018:2364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2364"
},
{
"name": "USN-3653-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3653-2/"
},
{
"name": "RHSA-2018:2216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2216"
},
{
"name": "USN-3655-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-1/"
},
{
"name": "RHSA-2018:1649",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1649"
},
{
"name": "RHSA-2018:2309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2309"
},
{
"name": "104232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104232"
},
{
"name": "RHSA-2018:1653",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1653"
},
{
"name": "RHSA-2018:2171",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2171"
},
{
"name": "RHSA-2018:1635",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1635"
},
{
"name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"name": "RHSA-2018:2394",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2394"
},
{
"name": "RHSA-2018:1710",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1710"
},
{
"name": "RHSA-2018:1659",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1659"
},
{
"name": "RHSA-2018:1711",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1711"
},
{
"name": "DSA-4273",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4273"
},
{
"name": "RHSA-2018:1738",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1738"
},
{
"name": "RHSA-2018:1674",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1674"
},
{
"name": "RHSA-2018:3396",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3396"
},
{
"name": "RHSA-2018:1667",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1667"
},
{
"name": "USN-3654-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "RHSA-2018:1662",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1662"
},
{
"name": "RHSA-2018:1630",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1630"
},
{
"name": "RHSA-2018:1647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1647"
},
{
"name": "RHSA-2018:1967",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1967"
},
{
"name": "USN-3655-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3655-2/"
},
{
"name": "RHSA-2018:3399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3399"
},
{
"name": "RHSA-2018:2060",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2060"
},
{
"name": "RHSA-2018:1690",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1690"
},
{
"name": "USN-3653-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3653-1/"
},
{
"name": "RHSA-2018:2161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2161"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1446-1] intel-microcode security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html"
},
{
"name": "RHSA-2018:2328",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2328"
},
{
"name": "RHSA-2018:1648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1648"
},
{
"name": "RHSA-2018:2387",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2387"
},
{
"name": "RHSA-2019:0148",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0148"
},
{
"name": "RHSA-2018:1654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1654"
},
{
"name": "USN-3679-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3679-1/"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"name": "RHSA-2018:1642",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1642"
},
{
"name": "RHSA-2018:3397",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3397"
},
{
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
},
{
"name": "USN-3756-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3756-1/"
},
{
"name": "RHSA-2018:3398",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3398"
},
{
"name": "RHSA-2018:3400",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3400"
},
{
"name": "RHSA-2018:2228",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2228"
},
{
"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"name": "RHSA-2019:1046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1046"
},
{
"name": "openSUSE-SU-2019:1439",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html"
},
{
"name": "openSUSE-SU-2019:1438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html"
},
{
"name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/36"
},
{
"name": "[oss-security] 20200610 kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/1"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/2"
},
{
"name": "[oss-security] 20200610 Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/10/5"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-22133",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-22133"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012"
},
{
"name": "https://support.citrix.com/article/CTX235225",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX235225"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_23",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_23"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"name": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-263.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-263.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03850en_us"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180521-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180521-0001/"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
},
{
"name": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html",
"refsource": "CONFIRM",
"url": "https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3639",
"datePublished": "2018-05-22T12:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2026-05-29T20:14:05.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-5360 (GCVE-0-2018-5360)
Vulnerability from cvelistv5 – Published: 2018-01-14 02:00 – Updated: 2024-08-05 05:33
VLAI
EPSS
Summary
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://sourceforge.net/p/graphicsmagick/bugs/540/ | x_refsource_MISC |
| https://gitlab.com/libtiff/libtiff/commit/739dcd2… | x_refsource_CONFIRM |
| http://bugzilla.maptools.org/show_bug.cgi?id=2500 | x_refsource_MISC |
Date Public
2018-01-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-19T17:51:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/540/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
},
{
"name": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159",
"refsource": "CONFIRM",
"url": "https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2500",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5360",
"datePublished": "2018-01-14T02:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5382 (GCVE-0-2018-5382)
Vulnerability from cvelistv5 – Published: 2018-04-16 13:00 – Updated: 2024-09-16 16:27
VLAI
EPSS
Title
Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
Summary
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.
Severity
No CVSS data available.
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103453 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:2927 | vendor-advisoryx_refsource_REDHAT |
| https://www.kb.cert.org/vuls/id/306792 | third-party-advisoryx_refsource_CERT-VN |
| https://www.bouncycastle.org/releasenotes.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Legion of the Bouncy Castle | Bouncy Castle |
Affected:
all , < 1.47
(custom)
|
Date Public
2012-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103453"
},
{
"name": "RHSA-2018:2927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "VU#306792",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/306792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bouncycastle.org/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bouncy Castle",
"vendor": "Legion of the Bouncy Castle",
"versions": [
{
"lessThan": "1.47",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2012-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type \"BKS-V1\" was introduced in 1.49. It should be noted that the use of \"BKS-V1\" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-02T18:52:28.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "103453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103453"
},
{
"name": "RHSA-2018:2927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "VU#306792",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/306792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bouncycastle.org/releasenotes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2012-03-20T00:00:00.000Z",
"ID": "CVE-2018-5382",
"STATE": "PUBLIC",
"TITLE": "Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bouncy Castle",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "all",
"version_value": "1.47"
}
]
}
}
]
},
"vendor_name": "Legion of the Bouncy Castle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type \"BKS-V1\" was introduced in 1.49. It should be noted that the use of \"BKS-V1\" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103453"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "VU#306792",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/306792"
},
{
"name": "https://www.bouncycastle.org/releasenotes.html",
"refsource": "MISC",
"url": "https://www.bouncycastle.org/releasenotes.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5382",
"datePublished": "2018-04-16T13:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:27:56.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0131 (GCVE-0-2019-0131)
Vulnerability from cvelistv5 – Published: 2019-12-18 21:08 – Updated: 2024-08-04 17:44
VLAI
EPSS
Summary
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
Severity
No CVSS data available.
CWE
- Denial of Service, Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.intel.com/content/www/us/en/security-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) AMT |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) AMT",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T21:08:32.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) AMT",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0131",
"datePublished": "2019-12-18T21:08:32.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:14.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…