Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-669
Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | N/A | micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
},
{
"name": "CVE-2012-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
},
{
"name": "CVE-2012-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
},
{
"name": "CVE-2018-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
},
{
"name": "CVE-2017-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
},
{
"name": "CVE-2010-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
},
{
"name": "CVE-2010-4805",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
},
{
"name": "CVE-2015-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2016-4997",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2006-2940",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
},
{
"name": "CVE-2021-39279",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
},
{
"name": "CVE-2021-39278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
},
{
"name": "CVE-2012-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
},
{
"name": "CVE-2014-2523",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
},
{
"name": "CVE-2016-10229",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
},
{
"name": "CVE-2016-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
},
{
"name": "CVE-2014-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
},
{
"name": "CVE-2011-0709",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
},
{
"name": "CVE-2010-4251",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
},
{
"name": "CVE-2014-3512",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
},
{
"name": "CVE-2012-3552",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
},
{
"name": "CVE-2012-6701",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
},
{
"name": "CVE-2017-1000111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
},
{
"name": "CVE-2019-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
},
{
"name": "CVE-2012-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
},
{
"name": "CVE-2009-3245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
},
{
"name": "CVE-2016-8717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2016-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
},
{
"name": "CVE-2008-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
},
{
"name": "CVE-2014-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
},
{
"name": "CVE-2015-5364",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
},
{
"name": "CVE-2014-9984",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
},
{
"name": "CVE-2009-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
},
{
"name": "CVE-2015-1465",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
},
{
"name": "CVE-2012-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
},
{
"name": "CVE-2014-9402",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
},
{
"name": "CVE-2006-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
},
{
"name": "CVE-2016-8666",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
},
{
"name": "CVE-2010-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2011-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
},
{
"name": "CVE-2006-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2014-5119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2016-7406",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
},
{
"name": "CVE-2013-7470",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2012-0056",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2010-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
},
{
"name": "CVE-2016-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
},
{
"name": "CVE-2010-3848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
},
{
"name": "CVE-2010-1162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
}
],
"initial_release_date": "2021-09-01T00:00:00",
"last_revision_date": "2021-09-01T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-669",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
}
]
}
CVE-2016-2109 (GCVE-0-2016-2109)
Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
55 references
Date Public
2016-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "87940",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/87940"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
},
{
"name": "SSA:2016-124-01",
"tags": [
"vendor-advisory"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
},
{
"name": "RHSA-2016:2056",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"name": "openSUSE-SU-2016:1238",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html"
},
{
"name": "openSUSE-SU-2016:1242",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "SUSE-SU-2016:1267",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html"
},
{
"name": "RHSA-2016:2073",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2073.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3566",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3566"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
},
{
"name": "openSUSE-SU-2016:1243",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html"
},
{
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "GLSA-201612-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "SUSE-SU-2016:1228",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html"
},
{
"name": "1035721",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1035721"
},
{
"name": "openSUSE-SU-2016:1239",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html"
},
{
"name": "SUSE-SU-2016:1206",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html"
},
{
"name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
"tags": [
"vendor-advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "SUSE-SU-2016:1231",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html"
},
{
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "openSUSE-SU-2016:1240",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html"
},
{
"name": "openSUSE-SU-2016:1241",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "SUSE-SU-2016:1360",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html"
},
{
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2016:1233",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html"
},
{
"name": "openSUSE-SU-2016:1237",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html"
},
{
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
},
{
"name": "RHSA-2016:0996",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0996.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
},
{
"url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c62981390d6cf9e3d612c489b8b77c2913b25807"
},
{
"name": "91787",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "SUSE-SU-2016:1290",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html"
},
{
"name": "openSUSE-SU-2016:1273",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "USN-2959-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2959-1"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "87940",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/87940"
},
{
"name": "RHSA-2016:0722",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0722.html"
},
{
"name": "FreeBSD-SA-16:17",
"tags": [
"vendor-advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc"
},
{
"url": "https://www.openssl.org/news/secadv/20160503.txt"
},
{
"url": "https://support.apple.com/HT206903"
},
{
"url": "https://bto.bluecoat.com/security-advisory/sa123"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2109",
"datePublished": "2016-05-05T00:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2148 (GCVE-0-2016-2148)
Vulnerability from cvelistv5 – Published: 2017-02-09 15:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2016-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2"
},
{
"name": "[oss-security] 20160311 two udhcpc (busybox) issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/11/16"
},
{
"name": "GLSA-201612-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-04"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://busybox.net/news.html"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T13:06:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2"
},
{
"name": "[oss-security] 20160311 two udhcpc (busybox) issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/11/16"
},
{
"name": "GLSA-201612-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-04"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://busybox.net/news.html"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2148",
"datePublished": "2017-02-09T15:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3134 (GCVE-0-2016-3134)
Vulnerability from cvelistv5 – Published: 2016-04-27 17:00 – Updated: 2024-08-05 23:47
VLAI
EPSS
Summary
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
41 references
Date Public
2016-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "USN-2930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "USN-2930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name": "SUSE-SU-2016:2001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "RHSA-2016:1847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "USN-3049-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "RHSA-2016:1875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "USN-2929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "USN-3050-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:1883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "USN-2931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name": "USN-2929-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "84305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:29.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "SUSE-SU-2016:1690",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
},
{
"name": "SUSE-SU-2016:2010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "USN-2930-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "SUSE-SU-2016:1696",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
},
{
"name": "SUSE-SU-2016:1994",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "SUSE-SU-2016:1961",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "USN-2930-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name": "SUSE-SU-2016:2001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "RHSA-2016:1847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"name": "SUSE-SU-2016:2006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "USN-3049-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "RHSA-2016:1875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name": "SUSE-SU-2016:2014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "SUSE-SU-2016:1764",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "SUSE-SU-2016:1672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "USN-2929-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "USN-3050-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "SUSE-SU-2016:2005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:2074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "SUSE-SU-2016:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:1883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name": "SUSE-SU-2016:1995",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "USN-2931-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name": "USN-2929-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "84305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-3134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=758",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
},
{
"name": "SUSE-SU-2016:2010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
},
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
},
{
"name": "SUSE-SU-2016:1994",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "SUSE-SU-2016:1961",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
},
{
"name": "SUSE-SU-2016:2001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
},
{
"name": "SUSE-SU-2016:1985",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "RHSA-2016:1847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"name": "SUSE-SU-2016:2006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
},
{
"name": "USN-3049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "RHSA-2016:1875",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name": "SUSE-SU-2016:2014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
},
{
"name": "openSUSE-SU-2016:1641",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:2009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "USN-3050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "SUSE-SU-2016:2005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
},
{
"name": "SUSE-SU-2016:2007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "SUSE-SU-2016:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
},
{
"name": "RHSA-2016:1883",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name": "SUSE-SU-2016:1995",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
},
{
"name": "SUSE-SU-2016:2002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
},
{
"name": "USN-2931-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "84305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-3134",
"datePublished": "2016-04-27T17:00:00.000Z",
"dateReserved": "2016-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:57.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4997 (GCVE-0-2016-4997)
Vulnerability from cvelistv5 – Published: 2016-07-03 21:00 – Updated: 2024-08-06 00:46
VLAI
EPSS
Summary
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
43 references
Date Public
2016-06-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:2180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "SUSE-SU-2016:1709",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "RHSA-2016:1847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "SUSE-SU-2016:2174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:1875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "SUSE-SU-2016:2018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/5"
},
{
"name": "SUSE-SU-2016:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
},
{
"name": "SUSE-SU-2016:2178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
},
{
"name": "40435",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40435/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "1036171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036171"
},
{
"name": "40489",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40489/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "SUSE-SU-2016:2177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
},
{
"name": "RHSA-2016:1883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name": "SUSE-SU-2016:2179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "SUSE-SU-2016:1710",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html"
},
{
"name": "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/29/10"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "91451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91451"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2016:2180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "SUSE-SU-2016:1709",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html"
},
{
"name": "USN-3017-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "SUSE-SU-2016:1985",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
},
{
"name": "USN-3017-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-3"
},
{
"name": "RHSA-2016:1847",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
},
{
"name": "openSUSE-SU-2016:2184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "USN-3018-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-2"
},
{
"name": "SUSE-SU-2016:2174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"
},
{
"name": "USN-3017-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3017-2"
},
{
"name": "RHSA-2016:1875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
},
{
"name": "USN-3019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3019-1"
},
{
"name": "SUSE-SU-2016:2018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
},
{
"name": "DSA-3607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3016-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-2"
},
{
"name": "USN-3016-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-1"
},
{
"name": "[oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/24/5"
},
{
"name": "SUSE-SU-2016:2181",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"
},
{
"name": "SUSE-SU-2016:2178",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"
},
{
"name": "40435",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40435/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
},
{
"name": "USN-3018-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3018-1"
},
{
"name": "1036171",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036171"
},
{
"name": "40489",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40489/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "SUSE-SU-2016:2177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"
},
{
"name": "RHSA-2016:1883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
},
{
"name": "SUSE-SU-2016:2179",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"
},
{
"name": "SUSE-SU-2016:2105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "USN-3016-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-3"
},
{
"name": "SUSE-SU-2016:1710",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html"
},
{
"name": "[oss-security] 20160929 CVE request - Linux kernel through 4.6.2 allows escalade privileges via IP6T_SO_SET_REPLACE compat setsockopt call",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/29/10"
},
{
"name": "USN-3016-4",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3016-4"
},
{
"name": "91451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91451"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c"
},
{
"name": "USN-3020-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3020-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIpt"
},
{
"name": "SUSE-SU-2016:1937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4997",
"datePublished": "2016-07-03T21:00:00.000Z",
"dateReserved": "2016-05-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:40.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7039 (GCVE-0-2016-7039)
Vulnerability from cvelistv5 – Published: 2016-10-16 21:00 – Updated: 2024-08-06 01:50
VLAI
EPSS
Summary
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2107.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:0372 | vendor-advisoryx_refsource_REDHAT |
| https://bto.bluecoat.com/security-advisory/sa134 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1375944 | x_refsource_CONFIRM |
| https://patchwork.ozlabs.org/patch/680412/ | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2047.html | vendor-advisoryx_refsource_REDHAT |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2110.html | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/93476 | vdb-entryx_refsource_BID |
Date Public
2016-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:46.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/patch/680412/"
},
{
"name": "RHSA-2016:2047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "RHSA-2016:2110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "93476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:2107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.ozlabs.org/patch/680412/"
},
{
"name": "RHSA-2016:2047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "RHSA-2016:2110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "93476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2107",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa134",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/15"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
},
{
"name": "https://patchwork.ozlabs.org/patch/680412/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/680412/"
},
{
"name": "RHSA-2016:2047",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "RHSA-2016:2110",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "93476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7039",
"datePublished": "2016-10-16T21:00:00.000Z",
"dateReserved": "2016-08-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:46.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7117 (GCVE-0-2016-7117)
Vulnerability from cvelistv5 – Published: 2016-10-10 10:00 – Updated: 2024-08-06 01:50
VLAI
EPSS
Summary
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
21 references
Date Public
2016-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0216.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-7117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "RHSA-2017:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
},
{
"name": "RHSA-2016:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2962.html"
},
{
"name": "RHSA-2017:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
},
{
"name": "RHSA-2017:0091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1003077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268"
},
{
"name": "RHSA-2017:0031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0031.html"
},
{
"name": "RHSA-2017:0065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0065.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
},
{
"name": "93304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93304"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d"
},
{
"name": "RHSA-2017:0270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0270.html"
},
{
"name": "RHSA-2017:0217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
},
{
"name": "RHSA-2017:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"
},
{
"name": "RHSA-2017:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0215.html"
},
{
"name": "RHSA-2017:0196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0196.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "RHSA-2017:0216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0216.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-7117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "RHSA-2017:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
},
{
"name": "RHSA-2016:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2962.html"
},
{
"name": "RHSA-2017:0113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
},
{
"name": "RHSA-2017:0091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1003077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268"
},
{
"name": "RHSA-2017:0031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0031.html"
},
{
"name": "RHSA-2017:0065",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0065.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
},
{
"name": "93304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93304"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d"
},
{
"name": "RHSA-2017:0270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0270.html"
},
{
"name": "RHSA-2017:0217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
},
{
"name": "RHSA-2017:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"
},
{
"name": "RHSA-2017:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0215.html"
},
{
"name": "RHSA-2017:0196",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0196.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-7117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0216",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0216.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-7117",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-7117"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "RHSA-2017:0086",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
},
{
"name": "RHSA-2016:2962",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2962.html"
},
{
"name": "RHSA-2017:0113",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
},
{
"name": "RHSA-2017:0091",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1003077",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1003077"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268"
},
{
"name": "RHSA-2017:0031",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0031.html"
},
{
"name": "RHSA-2017:0065",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0065.html"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
},
{
"name": "93304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93304"
},
{
"name": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d"
},
{
"name": "RHSA-2017:0270",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0270.html"
},
{
"name": "RHSA-2017:0217",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
},
{
"name": "RHSA-2017:0036",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"
},
{
"name": "RHSA-2017:0215",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0215.html"
},
{
"name": "RHSA-2017:0196",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0196.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2016-7117",
"datePublished": "2016-10-10T10:00:00.000Z",
"dateReserved": "2016-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:50:47.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7406 (GCVE-0-2016-7406)
Vulnerability from cvelistv5 – Published: 2017-03-03 16:00 – Updated: 2025-11-04 16:09
VLAI
EPSS
Summary
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201702-23 | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/92974 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/09/15/2 | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1376353 | x_refsource_CONFIRM |
| https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2024/Aug/35 |
Date Public
2016-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:09:09.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-23"
},
{
"name": "92974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92974"
},
{
"name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH \u003c2016.74",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-03T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-23"
},
{
"name": "92974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92974"
},
{
"name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH \u003c2016.74",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-23"
},
{
"name": "92974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92974"
},
{
"name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH \u003c2016.74",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
},
{
"name": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb",
"refsource": "CONFIRM",
"url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7406",
"datePublished": "2017-03-03T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:09:09.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-8666 (GCVE-0-2016-8666)
Vulnerability from cvelistv5 – Published: 2016-10-16 21:00 – Updated: 2024-08-06 02:27
VLAI
EPSS
Summary
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2107.html | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:0372 | vendor-advisoryx_refsource_REDHAT |
| https://bto.bluecoat.com/security-advisory/sa134 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93562 | vdb-entryx_refsource_BID |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-2047.html | vendor-advisoryx_refsource_REDHAT |
| http://rhn.redhat.com/errata/RHSA-2016-2110.html | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2016/1… | mailing-listx_refsource_MLIST |
| https://github.com/torvalds/linux/commit/fac8e0f5… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2017-0004.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1384991 | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1001486 | x_refsource_CONFIRM |
Date Public
2016-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "93562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2016:2047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"name": "RHSA-2016:2110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2017:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:08.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "RHSA-2016:2107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "93562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2016:2047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"name": "RHSA-2016:2110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2017:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-8666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2107",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa134",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "93562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93562"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2016:2047",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"name": "RHSA-2016:2110",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
},
{
"name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2017:0004",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-8666",
"datePublished": "2016-10-16T21:00:00.000Z",
"dateReserved": "2016-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8717 (GCVE-0-2016-8717)
Vulnerability from cvelistv5 – Published: 2018-04-02 17:00 – Updated: 2024-09-16 17:09
VLAI
EPSS
Summary
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
Severity
10 (Critical)
CWE
- credentials vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
Impacted products
Date Public
2017-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Moxa",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client 1.1"
}
]
}
],
"datePublic": "2017-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "credentials vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:16:51.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-04-21T00:00:00",
"ID": "CVE-2016-8717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa",
"version": {
"version_data": [
{
"version_value": "Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client 1.1"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "credentials vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0231"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-8717",
"datePublished": "2018-04-02T17:00:00.000Z",
"dateReserved": "2016-10-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:09:11.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000111 (GCVE-0-2017-1000111)
Vulnerability from cvelistv5 – Published: 2017-10-04 01:00 – Updated: 2024-08-05 21:53
VLAI
EPSS
Summary
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:3200 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/100267 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2017:2918 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2931 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3981 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/security/cve/cve-2017-1000111 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1039132 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2017:2930 | vendor-advisoryx_refsource_REDHAT |
Date Public
2017-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:3200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3200"
},
{
"name": "100267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100267"
},
{
"name": "RHSA-2017:2918",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name": "RHSA-2017:2931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name": "DSA-3981",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2017-1000111"
},
{
"name": "1039132",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039132"
},
{
"name": "RHSA-2017:2930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00.000Z",
"datePublic": "2017-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-06T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:3200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3200"
},
{
"name": "100267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100267"
},
{
"name": "RHSA-2017:2918",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name": "RHSA-2017:2931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name": "DSA-3981",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/cve/cve-2017-1000111"
},
{
"name": "1039132",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039132"
},
{
"name": "RHSA-2017:2930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.324350",
"ID": "CVE-2017-1000111",
"REQUESTER": "willemdebruijn.kernel@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3200",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3200"
},
{
"name": "100267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100267"
},
{
"name": "RHSA-2017:2918",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name": "RHSA-2017:2931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"name": "https://access.redhat.com/security/cve/cve-2017-1000111",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/cve-2017-1000111"
},
{
"name": "1039132",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039132"
},
{
"name": "RHSA-2017:2930",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000111",
"datePublished": "2017-10-04T01:00:00.000Z",
"dateReserved": "2017-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…