Vulnerability-Lookup

CVE-2016-0801 (GCVE-0-2016-0801)

Vulnerability from cvelistv5 – Published: 2016-02-07 01:00 – Updated: 2024-08-05 22:30

Summary

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.

Severity ?

No CVSS data available.

CWE

Assigner

google_android

References

URL

Tags

	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://support.apple.com/HT206167	x_refsource_CONFIRM
	https://support.apple.com/HT206168	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/39801/	exploitx_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1035353	vdb-entryx_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.arubanetworks.com/assets/alert/ARUBA-P…	x_refsource_CONFIRM
	https://support.apple.com/HT206169	x_refsource_CONFIRM
	https://support.apple.com/HT206166	x_refsource_CONFIRM
	http://source.android.com/security/bulletin/2016-…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2016-03-21-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206168"
          },
          {
            "name": "39801",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39801/"
          },
          {
            "name": "1035353",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035353"
          },
          {
            "name": "APPLE-SA-2016-03-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
          },
          {
            "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206169"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206166"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-02-01.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-13T10:57:01.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "name": "APPLE-SA-2016-03-21-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206168"
        },
        {
          "name": "39801",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39801/"
        },
        {
          "name": "1035353",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035353"
        },
        {
          "name": "APPLE-SA-2016-03-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
        },
        {
          "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
        },
        {
          "name": "APPLE-SA-2016-03-21-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206169"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206166"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-02-01.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-0801",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2016-03-21-5",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT206167",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "https://support.apple.com/HT206168",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "39801",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39801/"
            },
            {
              "name": "1035353",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035353"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
            },
            {
              "name": "https://support.apple.com/HT206169",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206169"
            },
            {
              "name": "https://support.apple.com/HT206166",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "http://source.android.com/security/bulletin/2016-02-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-02-01.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2016-0801",
    "datePublished": "2016-02-07T01:00:00.000Z",
    "dateReserved": "2015-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:30:04.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-F9JM-8GC5-4V7G

Vulnerability from github – Published: 2022-05-14 01:23 – Updated: 2025-04-12 12:56

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-0801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-07T01:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.",
  "id": "GHSA-f9jm-8gc5-4v7g",
  "modified": "2025-04-12T12:56:40Z",
  "published": "2022-05-14T01:23:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0801"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206166"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206167"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206169"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39801"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-02-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035353"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-0801

Vulnerability from fkie_nvd - Published: 2016-02-07 01:59 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@android.com	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
security@android.com	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
security@android.com	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
security@android.com	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
security@android.com	http://source.android.com/security/bulletin/2016-02-01.html	Vendor Advisory
security@android.com	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
security@android.com	http://www.securitytracker.com/id/1035353
security@android.com	https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
security@android.com	https://support.apple.com/HT206166
security@android.com	https://support.apple.com/HT206167
security@android.com	https://support.apple.com/HT206168
security@android.com	https://support.apple.com/HT206169
security@android.com	https://www.exploit-db.com/exploits/39801/
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://source.android.com/security/bulletin/2016-02-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035353
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206166
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206167
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206168
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206169
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39801/

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*
google	android	4.4.4
google	android	5.0
google	android	5.1.1
google	android	6.0
google	android	6.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237",
              "versionEndIncluding": "9.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
              "versionEndIncluding": "10.11.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A",
              "versionEndIncluding": "9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F",
              "versionEndIncluding": "2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3CEEA22-63B4-4702-A400-01349DF0EC1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029."
    },
    {
      "lang": "es",
      "value": "El controlador Broadcom Wi-Fi en el kernel en Android 4.x en versiones anteriores a 4.4.4, 5.x en versiones anteriores a 5.1.1 LMY49G y 6.x en versiones anteriores a 2016-02-01 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un paquete de mensajes de control inal\u00e1mbricos manipulado, tambi\u00e9n conocido como error interno 25662029."
    }
  ],
  "id": "CVE-2016-0801",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-07T01:59:00.117",
  "references": [
    {
      "source": "security@android.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "source": "security@android.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "source": "security@android.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "source": "security@android.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-02-01.html"
    },
    {
      "source": "security@android.com",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
    },
    {
      "source": "security@android.com",
      "url": "http://www.securitytracker.com/id/1035353"
    },
    {
      "source": "security@android.com",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
    },
    {
      "source": "security@android.com",
      "url": "https://support.apple.com/HT206166"
    },
    {
      "source": "security@android.com",
      "url": "https://support.apple.com/HT206167"
    },
    {
      "source": "security@android.com",
      "url": "https://support.apple.com/HT206168"
    },
    {
      "source": "security@android.com",
      "url": "https://support.apple.com/HT206169"
    },
    {
      "source": "security@android.com",
      "url": "https://www.exploit-db.com/exploits/39801/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-02-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT206166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT206167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT206168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT206169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/39801/"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-106

Vulnerability from certfr_avis - Published: 2016-03-22 - Updated: 2016-03-22

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	N/A	tvOS versions antérieures à 9.2 pour Apple TV (4ème génération)
Apple	N/A	OS X El Capitan 10.11.x versions antérieures à 10.11.4
Apple	N/A	iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents
Apple	N/A	watchOS versions antérieures à 2.2
Apple	N/A	OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures
Apple	N/A	Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures
Apple	N/A	OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	Safari	Safari versions antérieures à 9.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206173 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206169 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206168 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206171 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206166 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206172 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206167 du 21 mars 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 9.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
    },
    {
      "name": "CVE-2016-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
    },
    {
      "name": "CVE-2016-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
    },
    {
      "name": "CVE-2016-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
    },
    {
      "name": "CVE-2016-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
    },
    {
      "name": "CVE-2016-1748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
    },
    {
      "name": "CVE-2016-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
    },
    {
      "name": "CVE-2016-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
    },
    {
      "name": "CVE-2016-1735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
    },
    {
      "name": "CVE-2016-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
    },
    {
      "name": "CVE-2016-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
    },
    {
      "name": "CVE-2016-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
    },
    {
      "name": "CVE-2016-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
    },
    {
      "name": "CVE-2016-1719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-1727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2015-3184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
    },
    {
      "name": "CVE-2015-1819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
    },
    {
      "name": "CVE-2016-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
    },
    {
      "name": "CVE-2016-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
    },
    {
      "name": "CVE-2016-1768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
    },
    {
      "name": "CVE-2016-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
    },
    {
      "name": "CVE-2016-1744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
    },
    {
      "name": "CVE-2016-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
    },
    {
      "name": "CVE-2016-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2016-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
    },
    {
      "name": "CVE-2015-3187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
    },
    {
      "name": "CVE-2016-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
    },
    {
      "name": "CVE-2016-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2016-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
    },
    {
      "name": "CVE-2009-2197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
    },
    {
      "name": "CVE-2016-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
    },
    {
      "name": "CVE-2016-1733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
    },
    {
      "name": "CVE-2016-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
    },
    {
      "name": "CVE-2016-1723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
    },
    {
      "name": "CVE-2016-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
    },
    {
      "name": "CVE-2016-1756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
    },
    {
      "name": "CVE-2016-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
    },
    {
      "name": "CVE-2016-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
    },
    {
      "name": "CVE-2014-9495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-7942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
    },
    {
      "name": "CVE-2015-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
    },
    {
      "name": "CVE-2015-8126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
    },
    {
      "name": "CVE-2016-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
    },
    {
      "name": "CVE-2016-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2016-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
    },
    {
      "name": "CVE-2016-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
    },
    {
      "name": "CVE-2016-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
    },
    {
      "name": "CVE-2016-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
    },
    {
      "name": "CVE-2016-1743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
    },
    {
      "name": "CVE-2016-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
    },
    {
      "name": "CVE-2016-1724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-8659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
    },
    {
      "name": "CVE-2016-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
    },
    {
      "name": "CVE-2016-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
    },
    {
      "name": "CVE-2016-1732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
    },
    {
      "name": "CVE-2016-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
    },
    {
      "name": "CVE-2016-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
    },
    {
      "name": "CVE-2016-1765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
    },
    {
      "name": "CVE-2016-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
    },
    {
      "name": "CVE-2016-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
    },
    {
      "name": "CVE-2016-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
    },
    {
      "name": "CVE-2016-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
    },
    {
      "name": "CVE-2016-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
    },
    {
      "name": "CVE-2015-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
    },
    {
      "name": "CVE-2016-1722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
    },
    {
      "name": "CVE-2015-0973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
    },
    {
      "name": "CVE-2016-1738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
    },
    {
      "name": "CVE-2016-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
    },
    {
      "name": "CVE-2015-7551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
    },
    {
      "name": "CVE-2016-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
    },
    {
      "name": "CVE-2016-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
    },
    {
      "name": "CVE-2016-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
    },
    {
      "name": "CVE-2015-8472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
    },
    {
      "name": "CVE-2016-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
    },
    {
      "name": "CVE-2016-1726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
    },
    {
      "name": "CVE-2016-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2016-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
    }
  ],
  "initial_release_date": "2016-03-22T00:00:00",
  "last_revision_date": "2016-03-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206173"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206169"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206168"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206166"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206172"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206167"
    }
  ]
}

CERTFR-2016-AVI-167

Vulnerability from certfr_avis - Published: 2016-05-12 - Updated: 2016-05-12

De multiples vulnérabilités ont été corrigées dans ArubaOS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	ArubaOS versions 6.4.4.x antérieures à 6.4.4.5
N/A	N/A	ArubaOS versions 6.4.3.x antérieures à 6.4.3.7
N/A	N/A	ArubaOS versions 6.4.2.x antérieures à 6.4.2.16
N/A	N/A	ArubaOS versions antérieures à 6.3.1.21

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba ARUBA-PSA-2016-007 du 11 mai 2016	None	vendor-advisory
Bulletin de sécurité Aruba ARUBA-PSA-2016-007 du 11 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ArubaOS versions 6.4.4.x ant\u00e9rieures \u00e0 6.4.4.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 6.4.3.x ant\u00e9rieures \u00e0 6.4.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 6.4.2.x ant\u00e9rieures \u00e0 6.4.2.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions ant\u00e9rieures \u00e0 6.3.1.21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
    },
    {
      "name": "CVE-2016-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
    },
    {
      "name": "CVE-2016-8605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8605"
    }
  ],
  "initial_release_date": "2016-05-12T00:00:00",
  "last_revision_date": "2016-05-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2016-007 du 11 mai    2016",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-007.txt"
    }
  ],
  "reference": "CERTFR-2016-AVI-167",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eArubaOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans ArubaOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2016-007 du 11 mai 2016",
      "url": null
    }
  ]
}

GSD-2016-0801

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-0801

Aliases

CVE-2016-0801

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-0801",
    "description": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.",
    "id": "GSD-2016-0801",
    "references": [
      "https://advisories.mageia.org/CVE-2016-0801.html",
      "https://packetstormsecurity.com/files/cve/CVE-2016-0801"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-0801"
      ],
      "details": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.",
      "id": "GSD-2016-0801",
      "modified": "2023-12-13T01:21:17.947858Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2016-0801",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2016-03-21-5",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
          },
          {
            "name": "https://support.apple.com/HT206167",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206167"
          },
          {
            "name": "https://support.apple.com/HT206168",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206168"
          },
          {
            "name": "39801",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/39801/"
          },
          {
            "name": "1035353",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035353"
          },
          {
            "name": "APPLE-SA-2016-03-21-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
          },
          {
            "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "name": "APPLE-SA-2016-03-21-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
          },
          {
            "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt",
            "refsource": "CONFIRM",
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
          },
          {
            "name": "https://support.apple.com/HT206169",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206169"
          },
          {
            "name": "https://support.apple.com/HT206166",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206166"
          },
          {
            "name": "http://source.android.com/security/bulletin/2016-02-01.html",
            "refsource": "CONFIRM",
            "url": "http://source.android.com/security/bulletin/2016-02-01.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-0801"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-02-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://source.android.com/security/bulletin/2016-02-01.html"
            },
            {
              "name": "https://support.apple.com/HT206166",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT206169",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT206168",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "https://support.apple.com/HT206167",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "1035353",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035353"
            },
            {
              "name": "39801",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/39801/"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
            },
            {
              "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2016-02-07T01:59Z"
    }
  }
}

CNVD-2016-01098

Vulnerability from cnvd - Published: 2016-02-17

Title

Android内存破坏漏洞（CNVD-2016-01098）

Description

Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。kernel是其中的一个内核。 Android的kernel中的Broadcom Wi-Fi驱动程序中存在安全漏洞。远程攻击者可借助特制的无线控制消息数据包利用该漏洞造成拒绝服务（内存破坏）或执行任意代码。

Severity

高

Patch Name

Android内存破坏漏洞（CNVD-2016-01098）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://source.android.com/security/bulletin/2016-02-01.html

Reference

http://source.android.com/security/bulletin/2016-02-01.html

Impacted products

Name
['Google Android 4.x(<4.4.4)', 'Google Android 5.x(<5.1.1 LMY49G)', 'Google Android 6.x(<2016-02-01)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0801"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5185\u6838\u3002\r\n\r\nAndroid\u7684kernel\u4e2d\u7684Broadcom Wi-Fi\u9a71\u52a8\u7a0b\u5e8f\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u65e0\u7ebf\u63a7\u5236\u6d88\u606f\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\uff09\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Google",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://source.android.com/security/bulletin/2016-02-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01098",
  "openTime": "2016-02-17",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002kernel\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5185\u6838\u3002\r\n\r\nAndroid\u7684kernel\u4e2d\u7684Broadcom Wi-Fi\u9a71\u52a8\u7a0b\u5e8f\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u65e0\u7ebf\u63a7\u5236\u6d88\u606f\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\uff09\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Android\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-01098\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Google Android 4.x(\u003c4.4.4)",
      "Google Android 5.x(\u003c5.1.1 LMY49G)",
      "Google Android 6.x(\u003c2016-02-01)"
    ]
  },
  "referenceLink": "http://source.android.com/security/bulletin/2016-02-01.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-02-11",
  "title": "Android\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-01098\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-0801 (GCVE-0-2016-0801)

GHSA-F9JM-8GC5-4V7G

FKIE_CVE-2016-0801

CERTFR-2016-AVI-106

Solution

CERTFR-2016-AVI-167

Solution

GSD-2016-0801

CNVD-2016-01098

Tags

Sightings

Nomenclature