Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1124 (GCVE-0-2018-1124)
Vulnerability from cvelistv5 – Published: 2018-05-23 13:00 – Updated: 2025-12-18 11:37
VLAI
EPSS
Summary
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Severity
7.3 (High)
Assigner
References
22 references
Date Public
2018-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3658-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-1124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T22:12:23.097847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T11:37:47.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "procps-ng",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "procps-ng 3.3.15"
}
]
}
],
"datePublic": "2018-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-26T23:06:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3658-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "procps-ng",
"version": {
"version_data": [
{
"version_value": "procps-ng 3.3.15"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3658-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1124",
"datePublished": "2018-05-23T13:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2025-12-18T11:37:47.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-1124",
"date": "2026-05-28",
"epss": "0.00462",
"percentile": "0.64437"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1124\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-05-23T13:29:00.263\",\"lastModified\":\"2024-11-21T03:59:13.937\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"},{\"lang\":\"es\",\"value\":\"procps-ng en versiones anteriores a la 3.3.15 es vulnerable a m\u00faltiples desbordamientos de enteros que conducen a una corrupci\u00f3n de la memoria din\u00e1mica (heap) en la funci\u00f3n file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podr\u00eda resultar en cierres inesperados o la ejecuci\u00f3n de c\u00f3digo arbitrario en las utilidades proc ejecutadas por otros usuarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3.15\",\"matchCriteriaId\":\"9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB48767-F095-444F-9E05-D9AC345AB803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6.0\",\"matchCriteriaId\":\"6CB56955-1A47-4F6C-A354-8BBAE7534504\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/oss-sec/2018/q2/122\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104214\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041057\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1700\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1777\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1820\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2267\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2268\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1944\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2401\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201805-14\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-2/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4208\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44806/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/oss-sec/2018/q2/122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104214\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2401\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201805-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3658-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44806/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://usn.ubuntu.com/3658-1/\", \"name\": \"USN-3658-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"name\": \"DSA-4208\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"name\": \"GLSA-201805-14\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"name\": \"44806\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"name\": \"RHSA-2018:1777\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"name\": \"[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"name\": \"RHSA-2018:2267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"name\": \"RHSA-2018:2268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"name\": \"RHSA-2018:1700\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"name\": \"104214\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"name\": \"[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"name\": \"1041057\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"name\": \"RHSA-2018:1820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"name\": \"USN-3658-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"name\": \"RHSA-2019:1944\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"name\": \"RHSA-2019:2401\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"name\": \"openSUSE-SU-2019:2376\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"name\": \"openSUSE-SU-2019:2379\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:51:48.632Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-1124\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T22:12:23.097847Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-18T11:37:42.235Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"[UNKNOWN]\", \"product\": \"procps-ng\", \"versions\": [{\"status\": \"affected\", \"version\": \"procps-ng 3.3.15\"}]}], \"datePublic\": \"2018-05-17T00:00:00.000Z\", \"references\": [{\"url\": \"https://usn.ubuntu.com/3658-1/\", \"name\": \"USN-3658-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"name\": \"DSA-4208\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"name\": \"GLSA-201805-14\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"name\": \"44806\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"name\": \"RHSA-2018:1777\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"name\": \"[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"name\": \"RHSA-2018:2267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"name\": \"RHSA-2018:2268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"name\": \"RHSA-2018:1700\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"name\": \"104214\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"name\": \"[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"name\": \"1041057\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"name\": \"RHSA-2018:1820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"name\": \"USN-3658-2\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"name\": \"RHSA-2019:1944\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"name\": \"RHSA-2019:2401\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"name\": \"openSUSE-SU-2019:2376\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"name\": \"openSUSE-SU-2019:2379\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2019-10-26T23:06:10.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": [[{\"version\": \"3.0\", \"vectorString\": \"7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\"}]]}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"procps-ng 3.3.15\"}]}, \"product_name\": \"procps-ng\"}]}, \"vendor_name\": \"[UNKNOWN]\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://usn.ubuntu.com/3658-1/\", \"name\": \"USN-3658-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4208\", \"name\": \"DSA-4208\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://security.gentoo.org/glsa/201805-14\", \"name\": \"GLSA-201805-14\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://www.exploit-db.com/exploits/44806/\", \"name\": \"44806\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1777\", \"name\": \"RHSA-2018:1777\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"name\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html\", \"name\": \"[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2267\", \"name\": \"RHSA-2018:2267\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2268\", \"name\": \"RHSA-2018:2268\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1700\", \"name\": \"RHSA-2018:1700\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"name\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/104214\", \"name\": \"104214\", \"refsource\": \"BID\"}, {\"url\": \"http://seclists.org/oss-sec/2018/q2/122\", \"name\": \"[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.securitytracker.com/id/1041057\", \"name\": \"1041057\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1820\", \"name\": \"RHSA-2018:1820\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://usn.ubuntu.com/3658-2/\", \"name\": \"USN-3658-2\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"name\": \"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt\", \"refsource\": \"MISC\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1944\", \"name\": \"RHSA-2019:1944\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2401\", \"name\": \"RHSA-2019:2401\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html\", \"name\": \"openSUSE-SU-2019:2376\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html\", \"name\": \"openSUSE-SU-2019:2379\", \"refsource\": \"SUSE\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-190\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-122\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-1124\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-1124\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-18T11:37:47.265Z\", \"dateReserved\": \"2017-12-04T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2018-05-23T13:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
BDU:2019-00182
Vulnerability from fstec - Published: 23.05.2018
VLAI
Title
Уязвимость функции file2strvec набора консольных приложений для мониторинга и завершения системных процессов Props-ng, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции file2strvec набора консольных приложений для мониторинга и завершения системных процессов Props-ng вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код
Severity
Vendor
Сообщество свободного программного обеспечения, Juniper Networks Inc.
Software Name
Props-ng, Junos Space Network Management Platform
Software Version
до 3.3.15 (Props-ng), 18.4R1 (Junos Space Network Management Platform)
Possible Mitigations
Обновление программного обеспечения Props-ng до актуальной версии
Для ОС РОСА КОБАЛЬТ:
http://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-05-24.001
Reference
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10917
http://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-05-24.001
CWE
CWE-190
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Juniper Networks Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 3.3.15 (Props-ng), 18.4R1 (Junos Space Network Management Platform)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Props-ng \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \u041a\u041e\u0411\u0410\u041b\u042c\u0422:\nhttp://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-05-24.001",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.05.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.01.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00182",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1124",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Props-ng, Junos Space Network Management Platform",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 file2strvec \u043d\u0430\u0431\u043e\u0440\u0430 \u043a\u043e\u043d\u0441\u043e\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 Props-ng, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 file2strvec \u043d\u0430\u0431\u043e\u0440\u0430 \u043a\u043e\u043d\u0441\u043e\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 Props-ng \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\nhttp://wiki.rosalab.ru/ru/index.php/ROSA-SA-18-05-24.001",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis - Published: 2019-01-10 - Updated: 2019-01-10
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"initial_release_date": "2019-01-10T00:00:00",
"last_revision_date": "2019-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CNVD-2018-10334
Vulnerability from cnvd - Published: 2018-05-25
VLAI
Title
procps-ng整数溢出漏洞
Description
procps-ng是一款使用在Linux平台中的用于提供proc文件系统进程信息的实用程序。
procps-ng 3.3.15之前版本中的‘file2strvec’函数存在整数溢出漏洞。本地攻击者可利用该漏洞破坏堆并提升权限,造成proc实用程序崩溃或执行任意代码。
Severity
高
Patch Name
procps-ng整数溢出漏洞的补丁
Patch Description
procps-ng是一款使用在Linux平台中的用于提供proc文件系统进程信息的实用程序。
procps-ng 3.3.15之前版本中的‘file2strvec’函数存在整数溢出漏洞。本地攻击者可利用该漏洞破坏堆并提升权限,造成proc实用程序崩溃或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://gitlab.com/procps-ng/procps
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-1124
Impacted products
| Name | procps-ng procps-ng <3.3.15 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-1124"
}
},
"description": "procps-ng\u662f\u4e00\u6b3e\u4f7f\u7528\u5728Linux\u5e73\u53f0\u4e2d\u7684\u7528\u4e8e\u63d0\u4f9bproc\u6587\u4ef6\u7cfb\u7edf\u8fdb\u7a0b\u4fe1\u606f\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\nprocps-ng 3.3.15\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018file2strvec\u2019\u51fd\u6570\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u5806\u5e76\u63d0\u5347\u6743\u9650\uff0c\u9020\u6210proc\u5b9e\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Qualys Research Labs",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://gitlab.com/procps-ng/procps",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-10334",
"openTime": "2018-05-25",
"patchDescription": "procps-ng\u662f\u4e00\u6b3e\u4f7f\u7528\u5728Linux\u5e73\u53f0\u4e2d\u7684\u7528\u4e8e\u63d0\u4f9bproc\u6587\u4ef6\u7cfb\u7edf\u8fdb\u7a0b\u4fe1\u606f\u7684\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\nprocps-ng 3.3.15\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018file2strvec\u2019\u51fd\u6570\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u5806\u5e76\u63d0\u5347\u6743\u9650\uff0c\u9020\u6210proc\u5b9e\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "procps-ng\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "procps-ng procps-ng \u003c3.3.15"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"serverity": "\u9ad8",
"submitTime": "2018-05-25",
"title": "procps-ng\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2018-1124
Vulnerability from fkie_nvd - Published: 2018-05-23 13:29 - Updated: 2024-11-21 03:59
Severity
Summary
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://seclists.org/oss-sec/2018/q2/122 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/104214 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1041057 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:1700 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:1777 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:1820 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2267 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2268 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:1944 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:2401 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
| secalert@redhat.com | https://kc.mcafee.com/corporate/index?page=content&id=SB10241 | Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html | Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/201805-14 | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/3658-1/ | Third Party Advisory | |
| secalert@redhat.com | https://usn.ubuntu.com/3658-2/ | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2018/dsa-4208 | Third Party Advisory | |
| secalert@redhat.com | https://www.exploit-db.com/exploits/44806/ | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2018/q2/122 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104214 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041057 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1700 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1777 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1820 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2267 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2268 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1944 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2401 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kc.mcafee.com/corporate/index?page=content&id=SB10241 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201805-14 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3658-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3658-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4208 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44806/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| procps-ng_project | procps-ng | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 7.5 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| schneider-electric | struxureware_data_center_expert | * | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B",
"versionEndExcluding": "3.3.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB56955-1A47-4F6C-A354-8BBAE7534504",
"versionEndExcluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
},
{
"lang": "es",
"value": "procps-ng en versiones anteriores a la 3.3.15 es vulnerable a m\u00faltiples desbordamientos de enteros que conducen a una corrupci\u00f3n de la memoria din\u00e1mica (heap) en la funci\u00f3n file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podr\u00eda resultar en cierres inesperados o la ejecuci\u00f3n de c\u00f3digo arbitrario en las utilidades proc ejecutadas por otros usuarios."
}
],
"id": "CVE-2018-1124",
"lastModified": "2024-11-21T03:59:13.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-23T13:29:00.263",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6M7W-M36X-76PQ
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-1124"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-23T13:29:00Z",
"severity": "HIGH"
},
"details": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"id": "GHSA-6m7w-m36x-76pq",
"modified": "2022-05-13T01:16:28Z",
"published": "2022-05-13T01:16:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124"
},
{
"type": "WEB",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44806"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3658-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3658-1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"type": "WEB",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104214"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041057"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-1124
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1124",
"description": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"id": "GSD-2018-1124",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1124.html",
"https://www.debian.org/security/2018/dsa-4208",
"https://access.redhat.com/errata/RHSA-2019:2401",
"https://access.redhat.com/errata/RHSA-2019:1944",
"https://access.redhat.com/errata/RHSA-2018:2268",
"https://access.redhat.com/errata/RHSA-2018:2267",
"https://access.redhat.com/errata/RHSA-2018:1820",
"https://access.redhat.com/errata/RHSA-2018:1777",
"https://access.redhat.com/errata/RHSA-2018:1700",
"https://ubuntu.com/security/CVE-2018-1124",
"https://security.archlinux.org/CVE-2018-1124",
"https://linux.oracle.com/cve/CVE-2018-1124.html",
"https://packetstormsecurity.com/files/cve/CVE-2018-1124"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1124"
],
"details": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"id": "GSD-2018-1124",
"modified": "2023-12-13T01:22:37.611310Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "procps-ng",
"version": {
"version_data": [
{
"version_value": "procps-ng 3.3.15"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3658-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "DSA-4208",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "GLSA-201805-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "44806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "RHSA-2018:1777",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:2267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "RHSA-2018:2268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:1700",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "104214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "1041057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "RHSA-2019:1944",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1124"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
},
{
"name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q2/122"
},
{
"name": "DSA-4208",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4208"
},
{
"name": "USN-3658-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3658-1/"
},
{
"name": "RHSA-2018:1700",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1700"
},
{
"name": "104214",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104214"
},
{
"name": "44806",
"refsource": "EXPLOIT-DB",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44806/"
},
{
"name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
},
{
"name": "RHSA-2018:1777",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1777"
},
{
"name": "USN-3658-2",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"name": "RHSA-2018:1820",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10241"
},
{
"name": "1041057",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:2268",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2268"
},
{
"name": "RHSA-2018:2267",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2267"
},
{
"name": "GLSA-201805-14",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-14"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "RHSA-2019:1944",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1944"
},
{
"name": "RHSA-2019:2401",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2401"
},
{
"name": "openSUSE-SU-2019:2376",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html"
},
{
"name": "openSUSE-SU-2019:2379",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-09-09T14:58Z",
"publishedDate": "2018-05-23T13:29Z"
}
}
}
OPENSUSE-SU-2019:2376-1
Vulnerability from csaf_opensuse - Published: 2019-10-26 14:24 - Updated: 2019-10-26 14:24Summary
Security update for procps
Severity
Important
Notes
Title of the patch: Security update for procps
Description of the patch: This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Also this non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
No removals, no new functions
Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
No changes, no removals
New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: dont use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2376
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
46 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1092100 | self |
| https://bugzilla.suse.com/1121753 | self |
| https://www.suse.com/security/cve/CVE-2018-1122/ | self |
| https://www.suse.com/security/cve/CVE-2018-1123/ | self |
| https://www.suse.com/security/cve/CVE-2018-1124/ | self |
| https://www.suse.com/security/cve/CVE-2018-1125/ | self |
| https://www.suse.com/security/cve/CVE-2018-1126/ | self |
| https://www.suse.com/security/cve/CVE-2018-1122 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1123 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1124 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1125 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1126 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procps fixes the following issues:\n\nprocps was updated to 3.3.15. (bsc#1092100)\n\nFollowing security issues were fixed:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n\nAlso this non-security issue was fixed:\n\n- Fix CPU summary showing old data. (bsc#1121753)\n\nThe update to 3.3.15 contains the following fixes:\n\n* library: Increment to 8:0:1\n No removals, no new functions\n Changes: slab and pid structures\n* library: Just check for SIGLOST and don\u0027t delete it\n* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124\n* library: Use size_t for alloc functions CVE-2018-1126\n* library: Increase comm size to 64\n* pgrep: Fix stack-based buffer overflow CVE-2018-1125\n* pgrep: Remove \u003e15 warning as comm can be longer\n* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123\n* ps: Increase command name selection field to 64\n* top: Don\u0027t use cwd for location of config CVE-2018-1122\n* update translations\n* library: build on non-glibc systems\n* free: fix scaling on 32-bit systems\n* Revert \u0027Support running with child namespaces\u0027\n* library: Increment to 7:0:1\n No changes, no removals\n New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler\n* doc: Document I idle state in ps.1 and top.1\n* free: fix some of the SI multiples\n* kill: -l space between name parses correctly\n* library: dont use vm_min_free on non Linux\n* library: don\u0027t strip off wchan prefixes (ps \u0026 top)\n* pgrep: warn about 15+ char name only if -f not used\n* pgrep/pkill: only match in same namespace by default\n* pidof: specify separator between pids\n* pkill: Return 0 only if we can kill process\n* pmap: fix duplicate output line under \u0027-x\u0027 option\n* ps: avoid eip/esp address truncations\n* ps: recognizes SCHED_DEADLINE as valid CPU scheduler\n* ps: display NUMA node under which a thread ran\n* ps: Add seconds display for cputime and time\n* ps: Add LUID field\n* sysctl: Permit empty string for value\n* sysctl: Don\u0027t segv when file not available\n* sysctl: Read and write large buffers\n* top: add config file support for XDG specification\n* top: eliminated minor libnuma memory leak\n* top: show fewer memory decimal places (configurable)\n* top: provide command line switch for memory scaling\n* top: provide command line switch for CPU States\n* top: provides more accurate cpu usage at startup\n* top: display NUMA node under which a thread ran\n* top: fix argument parsing quirk resulting in SEGV\n* top: delay interval accepts non-locale radix point\n* top: address a wishlist man page NLS suggestion\n* top: fix potential distortion in \u0027Mem\u0027 graph display\n* top: provide proper multi-byte string handling\n* top: startup defaults are fully customizable\n* watch: define HOST_NAME_MAX where not defined\n* vmstat: Fix alignment for disk partition format\n* watch: Support ANSI 39,49 reset sequences\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2376",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2376-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2376-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2376-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB/#4EP32ED5GDRC2L3UFTOK2NPRC2TNQRPB"
},
{
"category": "self",
"summary": "SUSE Bug 1092100",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "self",
"summary": "SUSE Bug 1121753",
"url": "https://bugzilla.suse.com/1121753"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "Security update for procps",
"tracking": {
"current_release_date": "2019-10-26T14:24:29Z",
"generator": {
"date": "2019-10-26T14:24:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2376-1",
"initial_release_date": "2019-10-26T14:24:29Z",
"revision_history": [
{
"date": "2019-10-26T14:24:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libprocps7-3.3.15-lp151.6.3.1.i586",
"product": {
"name": "libprocps7-3.3.15-lp151.6.3.1.i586",
"product_id": "libprocps7-3.3.15-lp151.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "procps-3.3.15-lp151.6.3.1.i586",
"product": {
"name": "procps-3.3.15-lp151.6.3.1.i586",
"product_id": "procps-3.3.15-lp151.6.3.1.i586"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.15-lp151.6.3.1.i586",
"product": {
"name": "procps-devel-3.3.15-lp151.6.3.1.i586",
"product_id": "procps-devel-3.3.15-lp151.6.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps7-3.3.15-lp151.6.3.1.x86_64",
"product": {
"name": "libprocps7-3.3.15-lp151.6.3.1.x86_64",
"product_id": "libprocps7-3.3.15-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-3.3.15-lp151.6.3.1.x86_64",
"product": {
"name": "procps-3.3.15-lp151.6.3.1.x86_64",
"product_id": "procps-3.3.15-lp151.6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.15-lp151.6.3.1.x86_64",
"product": {
"name": "procps-devel-3.3.15-lp151.6.3.1.x86_64",
"product_id": "procps-devel-3.3.15-lp151.6.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps7-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586"
},
"product_reference": "libprocps7-3.3.15-lp151.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps7-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64"
},
"product_reference": "libprocps7-3.3.15-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586"
},
"product_reference": "procps-3.3.15-lp151.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64"
},
"product_reference": "procps-3.3.15-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.15-lp151.6.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586"
},
"product_reference": "procps-devel-3.3.15-lp151.6.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.15-lp151.6.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
},
"product_reference": "procps-devel-3.3.15-lp151.6.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T14:24:29Z",
"details": "important"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T14:24:29Z",
"details": "important"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T14:24:29Z",
"details": "important"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T14:24:29Z",
"details": "important"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:libprocps7-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-3.3.15-lp151.6.3.1.x86_64",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.i586",
"openSUSE Leap 15.1:procps-devel-3.3.15-lp151.6.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T14:24:29Z",
"details": "important"
}
],
"title": "CVE-2018-1126"
}
]
}
OPENSUSE-SU-2019:2379-1
Vulnerability from csaf_opensuse - Published: 2019-10-26 16:24 - Updated: 2019-10-26 16:24Summary
Security update for procps
Severity
Important
Notes
Title of the patch: Security update for procps
Description of the patch: This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Also this non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
* library: Increment to 8:0:1
No removals, no new functions
Changes: slab and pid structures
* library: Just check for SIGLOST and don't delete it
* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
* library: Use size_t for alloc functions CVE-2018-1126
* library: Increase comm size to 64
* pgrep: Fix stack-based buffer overflow CVE-2018-1125
* pgrep: Remove >15 warning as comm can be longer
* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
* ps: Increase command name selection field to 64
* top: Don't use cwd for location of config CVE-2018-1122
* update translations
* library: build on non-glibc systems
* free: fix scaling on 32-bit systems
* Revert 'Support running with child namespaces'
* library: Increment to 7:0:1
No changes, no removals
New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
* doc: Document I idle state in ps.1 and top.1
* free: fix some of the SI multiples
* kill: -l space between name parses correctly
* library: dont use vm_min_free on non Linux
* library: don't strip off wchan prefixes (ps & top)
* pgrep: warn about 15+ char name only if -f not used
* pgrep/pkill: only match in same namespace by default
* pidof: specify separator between pids
* pkill: Return 0 only if we can kill process
* pmap: fix duplicate output line under '-x' option
* ps: avoid eip/esp address truncations
* ps: recognizes SCHED_DEADLINE as valid CPU scheduler
* ps: display NUMA node under which a thread ran
* ps: Add seconds display for cputime and time
* ps: Add LUID field
* sysctl: Permit empty string for value
* sysctl: Don't segv when file not available
* sysctl: Read and write large buffers
* top: add config file support for XDG specification
* top: eliminated minor libnuma memory leak
* top: show fewer memory decimal places (configurable)
* top: provide command line switch for memory scaling
* top: provide command line switch for CPU States
* top: provides more accurate cpu usage at startup
* top: display NUMA node under which a thread ran
* top: fix argument parsing quirk resulting in SEGV
* top: delay interval accepts non-locale radix point
* top: address a wishlist man page NLS suggestion
* top: fix potential distortion in 'Mem' graph display
* top: provide proper multi-byte string handling
* top: startup defaults are fully customizable
* watch: define HOST_NAME_MAX where not defined
* vmstat: Fix alignment for disk partition format
* watch: Support ANSI 39,49 reset sequences
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2379
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
46 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1092100 | self |
| https://bugzilla.suse.com/1121753 | self |
| https://www.suse.com/security/cve/CVE-2018-1122/ | self |
| https://www.suse.com/security/cve/CVE-2018-1123/ | self |
| https://www.suse.com/security/cve/CVE-2018-1124/ | self |
| https://www.suse.com/security/cve/CVE-2018-1125/ | self |
| https://www.suse.com/security/cve/CVE-2018-1126/ | self |
| https://www.suse.com/security/cve/CVE-2018-1122 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1123 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1124 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1125 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1126 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for procps",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for procps fixes the following issues:\n\nprocps was updated to 3.3.15. (bsc#1092100)\n\nFollowing security issues were fixed:\n\n- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top\n with HOME unset in an attacker-controlled directory, the attacker could have\n achieved privilege escalation by exploiting one of several vulnerabilities in\n the config_file() function (bsc#1092100).\n- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.\n Inbuilt protection in ps maped a guard page at the end of the overflowed\n buffer, ensuring that the impact of this flaw is limited to a crash (temporary\n denial of service) (bsc#1092100).\n- CVE-2018-1124: Prevent multiple integer overflows leading to a heap\n corruption in file2strvec function. This allowed a privilege escalation for a\n local attacker who can create entries in procfs by starting processes, which\n could result in crashes or arbitrary code execution in proc utilities run by\n other users (bsc#1092100).\n- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was\n mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).\n- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent\n truncation/integer overflow issues (bsc#1092100).\n\n\nAlso this non-security issue was fixed:\n\n- Fix CPU summary showing old data. (bsc#1121753)\n\nThe update to 3.3.15 contains the following fixes:\n\n* library: Increment to 8:0:1\n No removals, no new functions\n Changes: slab and pid structures\n* library: Just check for SIGLOST and don\u0027t delete it\n* library: Fix integer overflow and LPE in file2strvec CVE-2018-1124\n* library: Use size_t for alloc functions CVE-2018-1126\n* library: Increase comm size to 64\n* pgrep: Fix stack-based buffer overflow CVE-2018-1125\n* pgrep: Remove \u003e15 warning as comm can be longer\n* ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123\n* ps: Increase command name selection field to 64\n* top: Don\u0027t use cwd for location of config CVE-2018-1122\n* update translations\n* library: build on non-glibc systems\n* free: fix scaling on 32-bit systems\n* Revert \u0027Support running with child namespaces\u0027\n* library: Increment to 7:0:1\n No changes, no removals\n New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler\n* doc: Document I idle state in ps.1 and top.1\n* free: fix some of the SI multiples\n* kill: -l space between name parses correctly\n* library: dont use vm_min_free on non Linux\n* library: don\u0027t strip off wchan prefixes (ps \u0026 top)\n* pgrep: warn about 15+ char name only if -f not used\n* pgrep/pkill: only match in same namespace by default\n* pidof: specify separator between pids\n* pkill: Return 0 only if we can kill process\n* pmap: fix duplicate output line under \u0027-x\u0027 option\n* ps: avoid eip/esp address truncations\n* ps: recognizes SCHED_DEADLINE as valid CPU scheduler\n* ps: display NUMA node under which a thread ran\n* ps: Add seconds display for cputime and time\n* ps: Add LUID field\n* sysctl: Permit empty string for value\n* sysctl: Don\u0027t segv when file not available\n* sysctl: Read and write large buffers\n* top: add config file support for XDG specification\n* top: eliminated minor libnuma memory leak\n* top: show fewer memory decimal places (configurable)\n* top: provide command line switch for memory scaling\n* top: provide command line switch for CPU States\n* top: provides more accurate cpu usage at startup\n* top: display NUMA node under which a thread ran\n* top: fix argument parsing quirk resulting in SEGV\n* top: delay interval accepts non-locale radix point\n* top: address a wishlist man page NLS suggestion\n* top: fix potential distortion in \u0027Mem\u0027 graph display\n* top: provide proper multi-byte string handling\n* top: startup defaults are fully customizable\n* watch: define HOST_NAME_MAX where not defined\n* vmstat: Fix alignment for disk partition format\n* watch: Support ANSI 39,49 reset sequences\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2379",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2379-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2379-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/373YKSXQ2VINMOOBAFFGM6KATT7DSMIN/#373YKSXQ2VINMOOBAFFGM6KATT7DSMIN"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2379-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/373YKSXQ2VINMOOBAFFGM6KATT7DSMIN/#373YKSXQ2VINMOOBAFFGM6KATT7DSMIN"
},
{
"category": "self",
"summary": "SUSE Bug 1092100",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "self",
"summary": "SUSE Bug 1121753",
"url": "https://bugzilla.suse.com/1121753"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "Security update for procps",
"tracking": {
"current_release_date": "2019-10-26T16:24:57Z",
"generator": {
"date": "2019-10-26T16:24:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2379-1",
"initial_release_date": "2019-10-26T16:24:57Z",
"revision_history": [
{
"date": "2019-10-26T16:24:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libprocps7-3.3.15-lp150.5.3.1.i586",
"product": {
"name": "libprocps7-3.3.15-lp150.5.3.1.i586",
"product_id": "libprocps7-3.3.15-lp150.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "procps-3.3.15-lp150.5.3.1.i586",
"product": {
"name": "procps-3.3.15-lp150.5.3.1.i586",
"product_id": "procps-3.3.15-lp150.5.3.1.i586"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.15-lp150.5.3.1.i586",
"product": {
"name": "procps-devel-3.3.15-lp150.5.3.1.i586",
"product_id": "procps-devel-3.3.15-lp150.5.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps7-3.3.15-lp150.5.3.1.x86_64",
"product": {
"name": "libprocps7-3.3.15-lp150.5.3.1.x86_64",
"product_id": "libprocps7-3.3.15-lp150.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-3.3.15-lp150.5.3.1.x86_64",
"product": {
"name": "procps-3.3.15-lp150.5.3.1.x86_64",
"product_id": "procps-3.3.15-lp150.5.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.15-lp150.5.3.1.x86_64",
"product": {
"name": "procps-devel-3.3.15-lp150.5.3.1.x86_64",
"product_id": "procps-devel-3.3.15-lp150.5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps7-3.3.15-lp150.5.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586"
},
"product_reference": "libprocps7-3.3.15-lp150.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps7-3.3.15-lp150.5.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64"
},
"product_reference": "libprocps7-3.3.15-lp150.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.15-lp150.5.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586"
},
"product_reference": "procps-3.3.15-lp150.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.15-lp150.5.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64"
},
"product_reference": "procps-3.3.15-lp150.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.15-lp150.5.3.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586"
},
"product_reference": "procps-devel-3.3.15-lp150.5.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.15-lp150.5.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
},
"product_reference": "procps-devel-3.3.15-lp150.5.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T16:24:57Z",
"details": "important"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T16:24:57Z",
"details": "important"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T16:24:57Z",
"details": "important"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T16:24:57Z",
"details": "important"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:libprocps7-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-3.3.15-lp150.5.3.1.x86_64",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.i586",
"openSUSE Leap 15.0:procps-devel-3.3.15-lp150.5.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-10-26T16:24:57Z",
"details": "important"
}
],
"title": "CVE-2018-1126"
}
]
}
OPENSUSE-SU-2024:11195-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libprocps8-3.3.17-5.2 on GA media
Severity
Moderate
Notes
Title of the patch: libprocps8-3.3.17-5.2 on GA media
Description of the patch: These are all security issues fixed in the libprocps8-3.3.17-5.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11195
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
42 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2018-1122/ | self |
| https://www.suse.com/security/cve/CVE-2018-1123/ | self |
| https://www.suse.com/security/cve/CVE-2018-1124/ | self |
| https://www.suse.com/security/cve/CVE-2018-1125/ | self |
| https://www.suse.com/security/cve/CVE-2018-1126/ | self |
| https://www.suse.com/security/cve/CVE-2018-1122 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1123 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1124 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1125 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
| https://www.suse.com/security/cve/CVE-2018-1126 | external |
| https://bugzilla.suse.com/1087082 | external |
| https://bugzilla.suse.com/1092100 | external |
| https://bugzilla.suse.com/1093158 | external |
| https://bugzilla.suse.com/1123135 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1128955 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libprocps8-3.3.17-5.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libprocps8-3.3.17-5.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11195",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11195-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1123 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1124 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1125 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1126 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1126/"
}
],
"title": "libprocps8-3.3.17-5.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11195-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libprocps8-3.3.17-5.2.aarch64",
"product": {
"name": "libprocps8-3.3.17-5.2.aarch64",
"product_id": "libprocps8-3.3.17-5.2.aarch64"
}
},
{
"category": "product_version",
"name": "procps-3.3.17-5.2.aarch64",
"product": {
"name": "procps-3.3.17-5.2.aarch64",
"product_id": "procps-3.3.17-5.2.aarch64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.17-5.2.aarch64",
"product": {
"name": "procps-devel-3.3.17-5.2.aarch64",
"product_id": "procps-devel-3.3.17-5.2.aarch64"
}
},
{
"category": "product_version",
"name": "procps-lang-3.3.17-5.2.aarch64",
"product": {
"name": "procps-lang-3.3.17-5.2.aarch64",
"product_id": "procps-lang-3.3.17-5.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps8-3.3.17-5.2.ppc64le",
"product": {
"name": "libprocps8-3.3.17-5.2.ppc64le",
"product_id": "libprocps8-3.3.17-5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-3.3.17-5.2.ppc64le",
"product": {
"name": "procps-3.3.17-5.2.ppc64le",
"product_id": "procps-3.3.17-5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.17-5.2.ppc64le",
"product": {
"name": "procps-devel-3.3.17-5.2.ppc64le",
"product_id": "procps-devel-3.3.17-5.2.ppc64le"
}
},
{
"category": "product_version",
"name": "procps-lang-3.3.17-5.2.ppc64le",
"product": {
"name": "procps-lang-3.3.17-5.2.ppc64le",
"product_id": "procps-lang-3.3.17-5.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps8-3.3.17-5.2.s390x",
"product": {
"name": "libprocps8-3.3.17-5.2.s390x",
"product_id": "libprocps8-3.3.17-5.2.s390x"
}
},
{
"category": "product_version",
"name": "procps-3.3.17-5.2.s390x",
"product": {
"name": "procps-3.3.17-5.2.s390x",
"product_id": "procps-3.3.17-5.2.s390x"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.17-5.2.s390x",
"product": {
"name": "procps-devel-3.3.17-5.2.s390x",
"product_id": "procps-devel-3.3.17-5.2.s390x"
}
},
{
"category": "product_version",
"name": "procps-lang-3.3.17-5.2.s390x",
"product": {
"name": "procps-lang-3.3.17-5.2.s390x",
"product_id": "procps-lang-3.3.17-5.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libprocps8-3.3.17-5.2.x86_64",
"product": {
"name": "libprocps8-3.3.17-5.2.x86_64",
"product_id": "libprocps8-3.3.17-5.2.x86_64"
}
},
{
"category": "product_version",
"name": "procps-3.3.17-5.2.x86_64",
"product": {
"name": "procps-3.3.17-5.2.x86_64",
"product_id": "procps-3.3.17-5.2.x86_64"
}
},
{
"category": "product_version",
"name": "procps-devel-3.3.17-5.2.x86_64",
"product": {
"name": "procps-devel-3.3.17-5.2.x86_64",
"product_id": "procps-devel-3.3.17-5.2.x86_64"
}
},
{
"category": "product_version",
"name": "procps-lang-3.3.17-5.2.x86_64",
"product": {
"name": "procps-lang-3.3.17-5.2.x86_64",
"product_id": "procps-lang-3.3.17-5.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps8-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64"
},
"product_reference": "libprocps8-3.3.17-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps8-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le"
},
"product_reference": "libprocps8-3.3.17-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps8-3.3.17-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x"
},
"product_reference": "libprocps8-3.3.17-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libprocps8-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64"
},
"product_reference": "libprocps8-3.3.17-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64"
},
"product_reference": "procps-3.3.17-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le"
},
"product_reference": "procps-3.3.17-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.17-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-3.3.17-5.2.s390x"
},
"product_reference": "procps-3.3.17-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64"
},
"product_reference": "procps-3.3.17-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64"
},
"product_reference": "procps-devel-3.3.17-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le"
},
"product_reference": "procps-devel-3.3.17-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.17-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x"
},
"product_reference": "procps-devel-3.3.17-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-devel-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64"
},
"product_reference": "procps-devel-3.3.17-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-lang-3.3.17-5.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64"
},
"product_reference": "procps-lang-3.3.17-5.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-lang-3.3.17-5.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le"
},
"product_reference": "procps-lang-3.3.17-5.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-lang-3.3.17-5.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x"
},
"product_reference": "procps-lang-3.3.17-5.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "procps-lang-3.3.17-5.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
},
"product_reference": "procps-lang-3.3.17-5.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-1122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1122"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1122",
"url": "https://www.suse.com/security/cve/CVE-2018-1122"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1122",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1122"
},
{
"cve": "CVE-2018-1123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1123"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1123",
"url": "https://www.suse.com/security/cve/CVE-2018-1123"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1123",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1123"
},
{
"cve": "CVE-2018-1124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1124"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1124",
"url": "https://www.suse.com/security/cve/CVE-2018-1124"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1124",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1124"
},
{
"cve": "CVE-2018-1125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1125"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1125",
"url": "https://www.suse.com/security/cve/CVE-2018-1125"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1125",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1125"
},
{
"cve": "CVE-2018-1126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1126"
}
],
"notes": [
{
"category": "general",
"text": "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1126",
"url": "https://www.suse.com/security/cve/CVE-2018-1126"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092100 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1092100"
},
{
"category": "external",
"summary": "SUSE Bug 1093158 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1093158"
},
{
"category": "external",
"summary": "SUSE Bug 1123135 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1123135"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1128955 for CVE-2018-1126",
"url": "https://bugzilla.suse.com/1128955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:libprocps8-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-devel-3.3.17-5.2.x86_64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.aarch64",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.ppc64le",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.s390x",
"openSUSE Tumbleweed:procps-lang-3.3.17-5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1126"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…