Branch c6 update bulletin.

Package openssl10 updated to version 1.0.0p-alt0.M60C.1 for branch c6 in task 138376.

Published: 2015-06-02
Modified: 2016-11-28

BDU:2015-06127

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному нарушителю нарушить доступность защищаемой информации

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-06-02
Modified: 2016-11-28

BDU:2015-06128

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-06-01
Modified: 2016-11-28

BDU:2015-06129

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-06-02
Modified: 2016-11-28

BDU:2015-06130

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-06-01
Modified: 2016-11-28

BDU:2015-06131

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09142

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09143

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09144

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09145

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09146

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2016-07-07
Modified: 2016-11-30

BDU:2015-09819

Уязвимости операционной системы Альт Линукс СПТ, позволяющие удаленному злоумышленнику нарушить целостность и доступность передаваемой защищаемой информации

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

References:

Published: 2016-07-05
Modified: 2017-06-21

BDU:2015-09905

Уязвимости системы автоматизации деятельности предприятия 1С:Предприятие, позволяющие злоумышленнику вызвать отказ в обслуживании или получить доступ к зашифрованным данным без знания ключа шифрования

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2016-07-07
Modified: 2021-03-23

BDU:2015-09960

Уязвимость программной платформы Java Platform, позволяющая нарушителю, действующему удаленно, упростить процесс расшифровки сообщения

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

CVE-2015-0204

Published: 2016-07-07
Modified: 2021-03-23

BDU:2015-09963

Уязвимость программной платформы JRockit, позволяющая нарушителю, действующему удаленно, упростить процесс расшифровки сообщения

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

CVE-2015-0204

Published: 2015-05-06
Modified: 2021-03-23

BDU:2015-09980

Уязвимость системы управления базами данных MySQL, позволяющая удаленному нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2014-3569

Published: 2014-12-24
Modified: 2025-04-12

CVE-2014-3569

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2014-3570

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2014-3571

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2014-3572

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2014-8275

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Published: 2015-01-09
Modified: 2025-04-12

CVE-2015-0206

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Package dbus updated to version 1.6.30-alt0.M60C.1 for branch c6 in task 154195.

Published: 2016-07-06
Modified: 2024-07-05

BDU:2015-01741

Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить доступность защищаемой информации

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-04278

Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить доступность защищаемой информации

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2014-3638

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04279

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2014-3638

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04280

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2014-3638

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04281

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2014-3638

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04282

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2014-3638

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09737

Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить доступность защищаемой информации

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09788

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2020-10-07
Modified: 2024-11-28

BDU:2020-04521

Уязвимость системы межпроцессорного взаимодействия D-Bus, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.0) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

CVE-2015-0245

Published: 2013-07-03
Modified: 2025-04-11

CVE-2013-2168

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-07-01
Modified: 2025-04-12

CVE-2014-3477

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service (initialization failure and exit) or possibly conduct a side-channel attack via a D-Bus message to an inactive service.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: MEDIUM (4.0) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Published: 2014-07-19
Modified: 2025-04-12

CVE-2014-3533

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2014-09-22
Modified: 2025-04-12

CVE-2014-3635

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2014-10-25
Modified: 2025-04-12

CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-09-22
Modified: 2025-04-12

CVE-2014-3637

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2014-09-22
Modified: 2025-04-12

CVE-2014-3638

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2014-09-22
Modified: 2025-04-12

CVE-2014-3639

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-02-13
Modified: 2025-04-12

CVE-2015-0245

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.

Severity: LOW (1.9) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

References:

Package libxml2 updated to version 2.9.3-alt0.M60C.1 for branch c6 in task 154195.

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-02885

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2024-07-05

BDU:2015-04349

Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04350

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04351

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04352

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04353

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04354

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-04355

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-05507

Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-05508

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-05509

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-05510

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-05511

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05512

Уязвимость операционной системы openSUSE, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05513

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05514

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05515

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05516

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05517

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05518

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05519

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05520

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05521

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05522

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05523

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05524

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05525

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05526

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-05527

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

CVE-2012-5134

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06384

Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06385

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06387

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06389

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2021-03-29

BDU:2015-06428

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-06429

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2021-03-25

BDU:2015-06430

Множественные уязвимости пакета mingw32-libxml2-static-2.7.6 операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07045

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07047

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07048

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07049

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-07050

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-07-24
Modified: 2016-11-28

BDU:2015-07409

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08639

Уязвимости операционной системы CentOS, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08640

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-08641

Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09022

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09023

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09024

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09025

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09191

Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09192

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09193

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09194

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09195

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-04-28
Modified: 2016-11-28

BDU:2015-09196

Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2021-03-29

BDU:2015-09421

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09713

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2015-04-28
Modified: 2024-11-28

BDU:2015-09789

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01642

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01643

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01644

Уязвимость библиотеки libxml2, позволяющая нарушителю получить доступ к защищаемой информации из памяти процесса

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01645

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01646

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01647

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01648

Уязвимость библиотеки libxml2, позволяющая нарушителю получить конфиденциальную информацию

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Published: 2016-07-19
Modified: 2021-03-23

BDU:2016-01649

Уязвимость библиотеки libxml2, позволяющая нарушителю получить конфиденциальную информацию, вызвать отказ в обслуживании или оказать другое воздействие

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2016-07-19
Modified: 2021-03-23

BDU:2016-01665

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или читать произвольные файлы

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2016-07-19
Modified: 2024-11-28

BDU:2016-01666

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2010-12-07
Modified: 2025-04-11

CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Published: 2011-09-02
Modified: 2025-04-11

CVE-2011-1944

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Severity: CRITICAL (9.3) Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Published: 2012-12-21
Modified: 2025-04-11

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2012-08-31
Modified: 2025-04-11

CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2012-11-28
Modified: 2025-04-11

CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2013-04-25
Modified: 2025-04-11

CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Published: 2014-01-21
Modified: 2025-04-11

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Published: 2013-07-10
Modified: 2025-04-11

CVE-2013-2877

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2014-11-04
Modified: 2025-04-12

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

References:

Published: 2015-12-15
Modified: 2025-04-12

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Published: 2016-04-11
Modified: 2025-04-12

CVE-2015-8710

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Обновить

Version: 2.1.2

ALT-BU-2015-2821-1

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed bugs