CVE-2015-0235

Published: 28/01/2015 Updated: 14/02/2024
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions prior to 2.18, allows context-dependent malicious users to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Vulnerable Product

gnu glibc

oracle communications policy management 12.1.1

oracle communications policy management 9.9.1

oracle communications eagle application processor 16.0

oracle exalogic infrastructure 1.0

oracle communications policy management 10.4.1

oracle exalogic infrastructure 2.0

oracle communications webrtc session controller 7.0

oracle communications webrtc session controller 7.2

oracle communications webrtc session controller 7.1

oracle communications policy management 11.5

oracle linux 7

oracle communications session border controller 8.0.0

oracle communications eagle lnp application processor 10.0

oracle linux 5

oracle communications lsms 13.1

oracle communications user data repository

oracle communications application session controller

oracle communications policy management 9.7.3

oracle vm virtualbox

oracle communications session border controller 7.2.0

oracle communications session border controller

debian debian linux 8.0

debian debian linux 7.0

redhat virtualization 6.0

apple mac os x

ibm pureapplication system 1.1.0.0

ibm pureapplication system 2.0.0.0

ibm security access manager for enterprise single sign-on 8.2

ibm pureapplication system 1.0.0.0

php php

Vendor Advisories

The GNU C Library could be made to crash or run programs ...
Debian Bug report logs - #776391 [CVE-2015-0235]: heap-based buffer overflow in __nss_hostname_digits_dots() Package: eglibc; Maintainer for eglibc is (unknown); Reported by: Ondřej Surý <ondrej@debian.org> Date: Tue, 27 Jan 2015 15:33:01 UTC Severity: grave Tags: security, squeeze, upstream, wheezy Found in versions 2 ...
Debian Bug report logs - #778389 php5: CVE-2015-2305: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5 (PTS, buildd, popcon) Reported by: Luciano Bello < ...
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library: CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes whic ...
Synopsis: Critical: glibc security update. Type/Severity: Security Advisory: Critical. Topic: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring S ...
Synopsis: Critical: glibc security update. Type/Severity: Security Advisory: Critical. Topic: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, a ...
Synopsis: Critical: glibc security update. Type/Severity: Security Advisory: Critical. Topic: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System ...
Synopsis: Critical: glibc security update. Type/Severity: Security Advisory: Critical. Topic: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common V ...
Synopsis: Critical: rhev-hypervisor6 security update. Type/Severity: Security Advisory: Critical. Topic: An updated rhev-hypervisor6 package that fixes multiple security issues is now available for Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this update as having Critical security impac ...
A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application ...
Overview: A vulnerability has been recently disclosed in the glibc gethostbyname() function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue is known as the GHOST vulnerability and has been assigned the following CVE identifier: CVE-2015-0235: cve.mitre.org/cgi-bin/cv ...

Exploits

# Exploit Title: [Exim ESMTP GHOST DoS PoC Exploit] # Date: [1/29/2015] # Exploit Author: [1N3] # Vendor Homepage: [www.exim.org] # Version: [4.80 or less] # Tested on: [debian-7-7-64b] # CVE : [2015-0235] #!/usr/bin/python # Exim ESMTP DoS Exploit by 1N3 v20150128 # CVE-2015-0235 GHOST glibc gethostbyname buffer overflow # crowdshield.com ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::Tcp def initialize(info = {}) super(update_info(info, 'Name' => 'Exim GHOST ( ...
The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash. #!/usr/bin/python # Exim ESMTP DoS Exploit by 1N3 v20150128 # CVE-2015-0235 GHOST glibc gethostbyname buffer overflow # crowdshield.com ## USAGE: python ghost-smtp-dos.py <ip> <port> ## Escape character is '^]' # 220 ...
Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this ...
This Metasploit module remotely exploits CVE-2015-0235 (aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions) on x86 and x86_64 GNU/Linux systems that run the Exim mail server ...
Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components ...
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...
Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities ...
This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems that run the Exim mail server ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series ...
Full Disclosure mailing list archives: SEC Consult SA-20210901-0 :: Multiple vulnerabilities in MOXA devices ...

Metasploit Modules

Exim GHOST (glibc gethostbyname) Buffer Overflow

This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems that run the Exim mail server.

msf > use exploit/linux/smtp/exim_gethostbyname_bof
msf exploit(exim_gethostbyname_bof) > show targets
    ...targets...
msf exploit(exim_gethostbyname_bof) > set TARGET < target-id >
msf exploit(exim_gethostbyname_bof) > show options
    ...show and set options...
msf exploit(exim_gethostbyname_bof) > exploit

Github Repositories

Peekr API allows running vulnerability scanning of Docker images through the free Peekr service.

Peekr-API: Peekr API allows running vulnerability scanning of Docker images through the free Peekr service. Basic Usage: Step 1: Log in to Peekr (peekr.aquasec.com) and get user name & API Key from UI. Step 2: Generate Authorization header through Base64(user:API Key). This header should be included with all Peekr REST API calls. Authorization: Basic dXNlcm5hbWU6YX

cookbook for update glibc. CVE-2015-0235(GHOST)

cookbook-update-glibc Overview: cookbook for update glibc. CVE-2015-0235(GHOST). Japan: www.walbrix.com/jp/blog/2015-01-ghost.html English: web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235 Description: update glibc by Chef Solo. Attention: this cookbook need to reboot. Platform is Ubuntu and CentOS. Requirement: cookbook 'build-essential' co

CVE-2015-0235

CVE-glibc: CVE-2015-0235 glibc Get Host by Name Issue. Copy and paste to get/check: wget github.com/alanmeyer/CVE-glibc/raw/master/get-GHOST.sh; chmod +x get-GHOST.sh; ./get-GHOST.sh References: googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html www.openwall.com/lists/oss-securi

A check for GHOST; cve-2015-0235

Ghostcheck: This is a really, really light fabric script - for checking the impact of CVE-2015-0235 (GHOST) on a running linux host. Forked into Lyrical after writing. Python 2.6 and higher recommended, and Fabric is needed. Usage: fab -f ghostcheck.py -u sshusername -p sshpassword -H ip,ip2,ipN go; fab -f ghostcheck.py -u sshusername -i /path/to/ssh/key -H ip,ip2,ipN go

Playbooks 'Fix for CVE-2015-0235(GHOST)' running on Ansible

ghostbusters15 Playbooks 'Fix for CVE-2015-0235(GHOST)' running on Ansible

collect the POC and EXP for recent CVEs

CVE collected ###CVE 2015-0235

libcare -- Patch Userspace Code in Live Processes

LibCare -- Patch Userspace Code on Live Processes. Welcome to LibCare --- Live Patch Updates for Userspace Processes and Libraries. LibCare delivers live patches to any of your Linux executables or libraries at the runtime, without the need for restart of your applications. Most frequently it is used to perform critical security updates such as glibc's GHOST (aka CVE-2015

A collection of exploits developed by 1N3 @ CrowdShield - crowdshield.com: Vulnserver.exe GMON SEH Overflow Exploit, FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass), CoolPlayer+ Portable 2.19.6 Stack Overflow (ASLR Bypass), HTTPoxy Exploit/PoC Scanner, Ability FTP 2.34 Buffer Overflow Exploit, Aruba AP-205 Buffer Overflow Denial of Service PoC, Brainpan1 CTF Buffer Ov

A chef cookbook to test the GHOST vulnerability

CVE-2015-0235-cookbook: This cookbook will test if you are vulnerable to CVE-2015-0235. Current behavior will error out when test fails: bash 'test vulnerability against libc' do cwd Chef::Config[:file_cache_path] code <<-EOH ./CVE-2015-0235 EOH returns [1] end For debian based systems: CVE-2015-0235

Ansible playbook to check vulnerability for CVE-2015-0235

CVE-2015-0235-test: Ansible playbook to check vulnerability for CVE-2015-0235. This is based on the test program provided by the University of Chicago (link). Ansible will allow you to specify a large number of host machines to test at once. This does not patch or restart anything, it only reports if your systems are affected. Assumes gcc is installed remotely. Note! Please don&

gethostbyname*() buffer overflow exploit in glibc - CVE-2015-0235 https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

CVE_2015_0235: gethostbyname*() buffer overflow exploit in glibc - CVE-2015-0235 community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability Originally Sourced from Ben Bomgardners post to the help-cfengine mailing list groups.google.com/forum/#!topic/help-cfengine/tWjOlO19Mrw Integration into masterfiles: Download the policy and extra

Test whether you're exposed to ghost (CVE-2015-0235). All kudos go to Qualys Security

ghost-checker: Test whether you're exposed to ghost (CVE-2015-0235). All kudos go to Qualys Security. Usage: /tmp/ghost-checker (master)$ make cc -o ghost ghost.c /tmp/ghost-checker (master)$ ./ghost not vulnerable /tmp/ghost-checker (master)$ make clean rm ghost Credits: Qualys Security Team www.openwall.com/lists/oss-security/20

glibc gethostbyname bug

CVE-2015-0235 glibc gethostbyname bug

glibc vulnerability GHOST(CVE-2015-0235) Affected software list

ghost glibc vulnerability GHOST(CVE-2015-0235) Affected software list

A simple example project that does security check of GHOST glibc vulnerability.

ANSIBLE EXAMPLE: See original repo here: github.com/aaronfay/CVE-2015-0235-test CREDIT: github.com/aaronfay CVE-2015-0235-test: Ansible playbook to check vulnerability for CVE-2015-0235. This is based on the test program provided by the University of Chicago (link). Ansible will allow you to specify a large number of host machines to test at once. This does not patch or r

CVE advisories tests

CVE advisories tests CVE-2015-0235 (GHOST) CVE-2014-0224 (OpenSSL CCS injection)

A shared library wrapper with additional checks for vulnerable functions gethostbyname2_r gethostbyname_r (GHOST vulnerability)

CVE-2015-0235-workaround, aka GHOST glibc vulnerability: A shared library wrapper with additional checks for the vulnerable functions gethostbyname2_r and gethostbyname_r. The proper solution for CVE-2015-0235 is to upgrade glibc to at least glibc-2.18. In some cases, an immediate glibc upgrade is not possible, for example in custom production embedded systems, because such an u

Recent Articles

I ain't afraid of no GHOST – securo-bods
The Register • John Leyden • 28 Jan 2015

Serious – but it's no Heartbleed

The latest high-profile security vulnerability affecting Linux systems is serious but nowhere near as bad as the infamous Heartbleed flaw, according to security experts. Hackers might be able to use the so-called GHOST flaw to plant malware or seize control of some Linux-based systems. Security researchers at cloud security firm Qualys found a critical vulnerability in Linux, specifically the GNU C Library (glib). The vulnerability – nicknamed “GHOST” – allows attackers to remotely hack ...

BOO! Grave remote-code exec flaw in GNU C Library TERRIFIES Linux
The Register • Neil McAllister in San Francisco • 27 Jan 2015

When there's something strange in your gethostbyname, who y'gonna call? Ghostbusters

Security researchers have uncovered a critical bug in the GNU C Library (glibc), a key component of Linux and some other operating systems, which could render countless machines vulnerable to remote code execution attacks. The flaw, which was discovered by Qualys and assigned CVE-2015-0235, is known as the GHOST vulnerability because it can be triggered by the library's gethostbyname family of functions. An attacker who successfully exploits the flaw can potentially gain complete control over an...

References

CWE-787