Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-2110

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-19 Apr, 2012 | 17:00
Updated At-06 Aug, 2024 | 19:26
Rejected At-
Credits

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:19 Apr, 2012 | 17:00
Updated At:06 Aug, 2024 | 19:26
Rejected At:
▼CVE Numbering Authority (CNA)

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
vendor-advisory
x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
x_refsource_CONFIRM
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
vendor-advisory
x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/48899
third-party-advisory
x_refsource_SECUNIA
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
mailing-list
x_refsource_FULLDISC
http://rhn.redhat.com/errata/RHSA-2012-1308.html
vendor-advisory
x_refsource_REDHAT
http://cvs.openssl.org/chngview?cn=22434
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
vendor-advisory
x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-1307.html
vendor-advisory
x_refsource_REDHAT
http://www.exploit-db.com/exploits/18756
exploit
x_refsource_EXPLOIT-DB
http://rhn.redhat.com/errata/RHSA-2012-0518.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2012/dsa-2454
vendor-advisory
x_refsource_DEBIAN
http://support.apple.com/kb/HT5784
x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.ubuntu.com/usn/USN-1424-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/48895
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48847
third-party-advisory
x_refsource_SECUNIA
http://cvs.openssl.org/chngview?cn=22439
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-1306.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-0522.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
vendor-advisory
x_refsource_FEDORA
http://marc.info/?l=bugtraq&m=134039053214295&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/57353
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/53158
vdb-entry
x_refsource_BID
http://marc.info/?l=bugtraq&m=133728068926468&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=134039053214295&w=2
vendor-advisory
x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
vendor-advisory
x_refsource_FEDORA
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133951357207000&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/48942
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/secadv_20120419.txt
x_refsource_CONFIRM
http://cvs.openssl.org/chngview?cn=22431
x_refsource_CONFIRM
http://www.securitytracker.com/id?1026957
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/48999
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133951357207000&w=2
vendor-advisory
x_refsource_HP
http://osvdb.org/81223
vdb-entry
x_refsource_OSVDB
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
vendor-advisory
x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
vendor-advisory
x_refsource_FEDORA
https://kb.juniper.net/KB27376
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133728068926468&w=2
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Resource:
x_refsource_CONFIRM
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/48899
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1308.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://cvs.openssl.org/chngview?cn=22434
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1307.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.exploit-db.com/exploits/18756
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0518.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2012/dsa-2454
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://support.apple.com/kb/HT5784
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.ubuntu.com/usn/USN-1424-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/48895
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48847
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://cvs.openssl.org/chngview?cn=22439
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1306.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0522.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/57353
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/53158
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/48942
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.openssl.org/news/secadv_20120419.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://cvs.openssl.org/chngview?cn=22431
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1026957
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/48999
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://osvdb.org/81223
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://kb.juniper.net/KB27376
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Resource:
vendor-advisory
x_refsource_HP
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
x_refsource_CONFIRM
x_transferred
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
vendor-advisory
x_refsource_HP
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/48899
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1308.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://cvs.openssl.org/chngview?cn=22434
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1307.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.exploit-db.com/exploits/18756
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0518.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2012/dsa-2454
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://support.apple.com/kb/HT5784
x_refsource_CONFIRM
x_transferred
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.ubuntu.com/usn/USN-1424-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/48895
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48847
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://cvs.openssl.org/chngview?cn=22439
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1306.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0522.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://marc.info/?l=bugtraq&m=134039053214295&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/57353
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/53158
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=bugtraq&m=133728068926468&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=134039053214295&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=133951357207000&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/48942
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.openssl.org/news/secadv_20120419.txt
x_refsource_CONFIRM
x_transferred
http://cvs.openssl.org/chngview?cn=22431
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1026957
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/48999
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=133951357207000&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://osvdb.org/81223
vdb-entry
x_refsource_OSVDB
x_transferred
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
vendor-advisory
x_refsource_HP
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://kb.juniper.net/KB27376
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=133728068926468&w=2
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/48899
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1308.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://cvs.openssl.org/chngview?cn=22434
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1307.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/18756
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0518.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2454
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://support.apple.com/kb/HT5784
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1424-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/48895
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48847
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://cvs.openssl.org/chngview?cn=22439
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1306.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0522.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/57353
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/53158
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/48942
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.openssl.org/news/secadv_20120419.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://cvs.openssl.org/chngview?cn=22431
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026957
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/48999
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://osvdb.org/81223
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://kb.juniper.net/KB27376
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:19 Apr, 2012 | 17:55
Updated At:11 Apr, 2025 | 00:51

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

OpenSSL
openssl
>>openssl>>1.0.0
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0a
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0b
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0c
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0d
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0e
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.0g
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>Versions up to 0.9.8u(inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.1c
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.2b
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.3
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.3a
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.4
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5a
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5a
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.5a
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6b
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6c
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6d
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6e
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6f
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6g
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6h
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6i
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6j
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6k
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6l
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6m
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.htmlsecalert@redhat.com
Exploit
http://cvs.openssl.org/chngview?cn=22431secalert@redhat.com
N/A
http://cvs.openssl.org/chngview?cn=22434secalert@redhat.com
N/A
http://cvs.openssl.org/chngview?cn=22439secalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133728068926468&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133728068926468&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2secalert@redhat.com
N/A
http://osvdb.org/81223secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0518.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0522.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/48847secalert@redhat.com
N/A
http://secunia.com/advisories/48895secalert@redhat.com
N/A
http://secunia.com/advisories/48899secalert@redhat.com
N/A
http://secunia.com/advisories/48942secalert@redhat.com
N/A
http://secunia.com/advisories/48999secalert@redhat.com
N/A
http://secunia.com/advisories/57353secalert@redhat.com
N/A
http://support.apple.com/kb/HT5784secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564secalert@redhat.com
N/A
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578secalert@redhat.com
N/A
http://www.debian.org/security/2012/dsa-2454secalert@redhat.com
N/A
http://www.exploit-db.com/exploits/18756secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060secalert@redhat.com
N/A
http://www.openssl.org/news/secadv_20120419.txtsecalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/53158secalert@redhat.com
N/A
http://www.securitytracker.com/id?1026957secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-1424-1secalert@redhat.com
N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862secalert@redhat.com
N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862secalert@redhat.com
N/A
https://kb.juniper.net/KB27376secalert@redhat.com
N/A
http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://cvs.openssl.org/chngview?cn=22431af854a3a-2127-422b-91ae-364da2661108
N/A
http://cvs.openssl.org/chngview?cn=22434af854a3a-2127-422b-91ae-364da2661108
N/A
http://cvs.openssl.org/chngview?cn=22439af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133728068926468&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133728068926468&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133951357207000&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134039053214295&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/81223af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0518.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0522.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1306.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1307.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1308.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48847af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48895af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48899af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48942af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48999af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/57353af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT5784af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2012/dsa-2454af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/18756af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:060af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openssl.org/news/secadv_20120419.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/53158af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026957af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1424-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862af854a3a-2127-422b-91ae-364da2661108
N/A
https://kb.juniper.net/KB27376af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://cvs.openssl.org/chngview?cn=22431
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://cvs.openssl.org/chngview?cn=22434
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://cvs.openssl.org/chngview?cn=22439
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/81223
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0518.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0522.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1306.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1307.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1308.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48847
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48895
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48899
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48942
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48999
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57353
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5784
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2454
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/18756
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20120419.txt
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/53158
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026957
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1424-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://kb.juniper.net/KB27376
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://cvs.openssl.org/chngview?cn=22431
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://cvs.openssl.org/chngview?cn=22434
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://cvs.openssl.org/chngview?cn=22439
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728068926468&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133951357207000&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134039053214295&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/81223
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0518.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0522.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1306.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1307.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1308.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48847
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48895
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48899
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48942
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48999
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57353
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5784
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2454
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/18756
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20120419.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/53158
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026957
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1424-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kb.juniper.net/KB27376
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2073Records found

CVE-2017-7792
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.56% / 92.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7785
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.90% / 93.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5464
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.00%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5469
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.71% / 90.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5459
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.62% / 90.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5375
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-61.56% / 98.27%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5410
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.33% / 90.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5430
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 72.76%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirdfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5470
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.55% / 87.24%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5202
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 76.93%
||
7 Day CHG~0.00%
Published-28 Jan, 2017 | 01:33
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5205
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 76.93%
||
7 Day CHG~0.00%
Published-28 Jan, 2017 | 01:33
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5373
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.03% / 83.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5204
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 83.64%
||
7 Day CHG~0.00%
Published-28 Jan, 2017 | 01:33
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5400
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-17833
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 77.87%
||
7 Day CHG~0.00%
Published-23 Apr, 2018 | 18:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

Action-Not Available
Vendor-openslpn/aCanonical Ltd.Red Hat, Inc.Lenovo Group LimitedDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthinkserver_rd450thinkserver_rd450xthinkserver_rd450_firmwarethinkserver_sd350enterprise_linux_server_eusenterprise_linux_server_austhinksystem_hr630xthinkserver_rd640fan_power_controllerflex_system_fc3171_8gb_san_switch_firmwarethinkserver_td340thinkserver_rq750_firmwarethinkserver_rd540thinkserver_rd350x_firmwarethinkserver_rd350xbm_nextscale_fan_power_controllerthinkserver_rd350_firmwarethinkserver_rd340thinkserver_rd350enterprise_linux_workstationthinkserver_rd440thinkserver_rd540_firmwarethinkserver_rd450x_firmwarethinkserver_rd350g_firmwarethinkserver_rd340_firmwarethinkserver_rq750thinkserver_sd350_firmwarestorage_n4610thinkserver_rd650enterprise_linux_desktopthinkserver_rd650_firmwarethinkserver_rd350gcmmthinkserver_rs160thinksystem_sr630thinksystem_sr630_firmwarethinkserver_rs160_firmwarethinkserver_td350_firmwarethinkserver_ts460flex_system_fc3171_8gb_san_switchstorage_n3310thinkserver_rd640_firmwareimm1thinksystem_hr630x_firmwareopenslpimm2thinkserver_rd550_firmwarethinkserver_td350debian_linuxxclarity_administratorthinkserver_ts460_firmwarethinkserver_td340_firmwarethinkserver_rd440_firmwarethinksystem_hr650xenterprise_linux_server_tusstorage_n4610_firmwarestorage_n3310_firmwarethinksystem_hr650x_firmwarethinkserver_rd550n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-14493
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.62% / 89.97%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Action-Not Available
Vendor-thekelleysn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_workstationdnsmasqleapdebian_linuxenterprise_linux_serverubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-7175
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.05%
||
7 Day CHG~0.00%
Published-27 Mar, 2007 | 23:00
Updated-07 Aug, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

Action-Not Available
Vendor-sendmailn/aRed Hat, Inc.
Product-enterprise_linuxsendmailn/a
CVE-2011-0720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.41% / 79.70%
||
7 Day CHG~0.00%
Published-03 Feb, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Plone Foundation
Product-luciplonecongan/a
CVE-2011-0706
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

Action-Not Available
Vendor-n/aRed Hat, Inc.Sun Microsystems (Oracle Corporation)
Product-icedtea-webjdkn/a
CVE-2020-8595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.84% / 73.80%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 14:10
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.

Action-Not Available
Vendor-istion/aRed Hat, Inc.
Product-enterprise_linuxistioopenshift_service_meshn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0019
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.77%
||
7 Day CHG~0.00%
Published-23 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.
Product-directory_server389_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.03%
||
7 Day CHG~0.00%
Published-10 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

Action-Not Available
Vendor-turbolinuxnmhn/aRed Hat, Inc.
Product-nmhlinuxturbolinuxn/a
CVE-2010-4252
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.84% / 85.66%
||
7 Day CHG~0.00%
Published-06 Dec, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-7313
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.05%
||
7 Day CHG~0.00%
Published-31 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

Action-Not Available
Vendor-snoopyn/aRed Hat, Inc.Nagios Enterprises, LLC
Product-snoopynagiosopenstackn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2010-4494
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Action-Not Available
Vendor-n/aGoogle LLCFedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxSUSEThe Apache Software FoundationRed Hat, Inc.openSUSEApple Inc.HP Inc.
Product-fedorainsight_control_server_deploymentsuse_linux_enterprise_serverenterprise_linux_workstationrapid_deployment_packiphone_ositunessafarichromeopensusedebian_linuxlibxml2enterprise_linux_serveropenofficeenterprise_linux_desktopenterprise_linux_eusmac_os_xn/a
CWE ID-CWE-415
Double Free
CVE-2010-3708
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.42% / 84.49%
||
7 Day CHG~0.00%
Published-30 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_soa_platformjboss_enterprise_application_platformn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3702
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.28% / 90.55%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Action-Not Available
Vendor-xpdfreadern/aSUSEDebian GNU/LinuxCanonical Ltd.Fedora ProjectRed Hat, Inc.openSUSEApple Inc.freedesktop.org
Product-ubuntu_linuxfedoraopensusepopplerdebian_linuxlinux_enterprise_serverenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopcupsxpdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-0742
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-03 Jun, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CVE-2017-7793
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.24% / 86.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2017-5435
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.48% / 84.69%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2020-1745
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-2.02% / 83.02%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 00:00
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

Action-Not Available
Vendor-undertow-ioRed Hat, Inc.
Product-undertowundertow
CWE ID-CWE-285
Improper Authorization
CVE-2017-5434
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.00%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2009-0653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.85%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 19:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-1762
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-1.30% / 78.93%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:41
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

Action-Not Available
Vendor-kiali[Kiali]Red Hat, Inc.
Product-kialiopenshift_service_meshkiali
CWE ID-CWE-613
Insufficient Session Expiration
CWE ID-CWE-384
Session Fixation
CVE-2020-1693
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-7.13% / 91.17%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 19:35
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-spacewalkspacewalk
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-1764
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-5.25% / 89.59%
||
7 Day CHG~0.00%
Published-26 Mar, 2020 | 11:16
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Action-Not Available
Vendor-kialiRed Hat, Inc.
Product-kialiopenshift_service_meshkiali
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2009-0180
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.00%
||
7 Day CHG~0.00%
Published-20 Jan, 2009 | 16:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.

Action-Not Available
Vendor-nfsn/aRed Hat, Inc.
Product-fedoranfs-utilsn/a
CWE ID-CWE-264
Not Available
CVE-2004-0642
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.80% / 96.04%
||
7 Day CHG~0.00%
Published-10 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-enterprise_linux_serverenterprise_linux_desktopenterprise_linux_workstationdebian_linuxkerberos_5n/a
CWE ID-CWE-415
Double Free
CVE-2004-0750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.95%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linuxn/a
CVE-2017-14746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.33% / 96.33%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Samba
Product-enterprise_linux_desktopenterprise_linux_workstationsambadebian_linuxenterprise_linux_serverubuntu_linuxn/a
CWE ID-CWE-416
Use After Free
CVE-2017-14491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-52.38% / 97.84%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aHuawei Technologies Co., Ltd.Debian GNU/LinuxSUSERed Hat, Inc.Aruba NetworksSynology, Inc.NVIDIA CorporationArista Networks, Inc.Canonical Ltd.openSUSEMicrosoft CorporationSiemens AG
Product-enterprise_linux_desktopruggedcom_rm1224_firmwarescalance_w1750d_firmwarescalance_s615enterprise_linux_workstationlinux_for_tegradnsmasqlinux_enterprise_serverleaprouter_managerlinux_enterprise_point_of_salearubaosenterprise_linux_serverdebian_linuxjetson_tk1scalance_s615_firmwaregeforce_experiencelinux_enterprise_debuginfoeosscalance_m-800diskstation_managerhonor_v9_play_firmwarejetson_tx1scalance_w1750druggedcom_rm1224ubuntu_linuxhonor_v9_playscalance_m-800_firmwarewindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-15095
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.87% / 90.99%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 15:00
Updated-16 Sep, 2024 | 22:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-communications_diameter_signaling_routerutilities_advanced_spatial_and_operational_analyticsprimavera_unifiercommunications_billing_and_revenue_managemententerprise_manager_for_virtualizationopenshift_container_platformenterprise_linuxglobal_lifecycle_management_opatchautosatellitebanking_platformdatabase_servercommunications_instant_messaging_serveroncommand_shiftsatellite_capsulesnapcenterclusterwaredebian_linuxjackson-databindfinancial_services_analytical_applications_infrastructureoncommand_performance_manageroncommand_balanceidentity_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaljackson-databind
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-12629
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.89% / 99.87%
||
7 Day CHG~0.00%
Published-14 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.The Apache Software Foundation
Product-jboss_enterprise_application_platformsolrdebian_linuxenterprise_linux_serverubuntu_linuxApache Solr before 7.1 with Apache Lucene before 7.1
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-12902
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12987
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12896
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12899
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2003-0546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.52%
||
7 Day CHG~0.00%
Published-14 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-up2daten/a
CVE-2017-12149
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.31% / 99.94%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 20:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-10||Apply updates per vendor instructions.

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformjbossasJBoss Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2015-7545
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-31.25% / 96.60%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

Action-Not Available
Vendor-git_projectn/aRed Hat, Inc.openSUSECanonical Ltd.
Product-opensusegitubuntu_linuxsoftware_collectionsn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 41
  • 42
  • Next
Details not found